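--
-- (C) 2013-17 - ntop.org
--

dirs = ntop.getDirs()
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path

-- Only loaded in Pro builds; it stays nil otherwise, so code further down
-- that indexes shaper_utils must only run when the Pro module is present.
local shaper_utils

if ntop.isPro() then
   package.path = dirs.installdir .. "/scripts/lua/pro/modules/?.lua;" .. package.path
   shaper_utils = require("shaper_utils")
end

require "lua_utils"
require "historical_utils"
require "flow_utils"
require "voip_utils"
local json = require ("dkjson")

sendHTTPHeader('text/html; charset=iso-8859-1')
ntop.dumpFile(dirs.installdir .. "/httpdocs/inc/header.inc")

-- Set to 1 once the "limited report" notice has been printed, so that it
-- is emitted at most once per page even when displayProc runs twice.
warn_shown = 0

--- Print one percentage figure of the process table.
-- A value of exactly 0 is shown as "< 1". The listing assigned that text
-- to the proc field instead of the printed variable, so it never appeared
-- and the caller's table was silently turned from a number into a string.
-- @param value numeric percentage taken from the process record
local function printProcPercentage(value)
   local shown = round(value, 2)..""

   if(value == 0) then
      shown = "< 1"
   end

   -- The three bands emit the same text in this listing; they are kept
   -- as separate branches (presumably they once differed in markup).
   if(value < 33) then
      print(""..shown.." %")
   elseif(value < 66) then
      print(""..shown.." %")
   else
      print(""..shown.." %")
   end
end

--- Print the process details attached to one side of a flow.
-- Owner and PID/name are always printed; CPU, I/O wait, memory and page
-- fault figures only when actual_memory is above zero. When it is zero,
-- a one-time notice about the limited report is printed instead.
-- @param proc table with user_name, pid, name, father_pid, father_name,
--   actual_memory, peak_memory, average_cpu_load, percentage_iowait_time
--   and num_vm_page_faults (the fields this function reads)
function displayProc(proc)
   -- NOTE(review): user_name, name and father_name are concatenated into
   -- the page as-is. No HTML escaping is visible here; confirm it happens
   -- upstream, since these strings presumably come from the probe on the
   -- monitored host rather than from ntopng itself.
   print("User Name".. proc.user_name .."\n")
   print("Process PID/Name".. proc.pid .. "/" .. proc.name .. "")
   print(" [son of " .. proc.father_pid .. "/" .. proc.father_name .."]\n")

   if(proc.actual_memory > 0) then
      print("Average CPU Load")
      printProcPercentage(proc.average_cpu_load)
      print(" \n")

      print("I/O Wait Time Percentage")
      printProcPercentage(proc.percentage_iowait_time)
      print(" \n")

      print("Memory Actual / Peak".. bytesToSize(proc.actual_memory) .. " / ".. bytesToSize(proc.peak_memory) .. " [" ..
            round((proc.actual_memory*100)/proc.peak_memory, 1) .."%]\n")

      print("VM Page Faults")
      if(proc.num_vm_page_faults > 0) then
         print(""..proc.num_vm_page_faults.."")
      else
         print(""..proc.num_vm_page_faults.."")
      end
      print("\n")
   end

   if((proc.actual_memory == 0) and (warn_shown == 0)) then
      warn_shown = 1
      print(' Process information report is limited unless you use ntopng with nProbe and the sprobe plugin\n')
   end
end

-- active_page is left global: the menu include below is run with dofile
-- and can only see it that way.
active_page = "flows"
dofile(dirs.installdir .. "/scripts/lua/inc/menu.lua")

-- "label" is supplied by the request. The substitutions below run in
-- pairs() order, which Lua leaves unspecified: if '_' happens to be
-- replaced first, '-_' can no longer match.
-- NOTE(review): no later use of `a` is visible in this listing; it must be
-- HTML-escaped before it reaches any output.
a = _GET["label"]

if not isEmptyString(a) then
   patterns = { ['_'] = "", ['-_'] = " " }
   for search,replace in pairs(patterns) do
      a = string.gsub(a, search, replace)
   end
end

print [[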
]]

-- Resolve the flow this page describes and apply any action posted with
-- the request before rendering.
throughput_type = getThroughputType()

-- flow_key comes from the query string. In this part of the script it is
-- only used through tonumber(); the raw string is also concatenated into a
-- URL further down the page.
flow_key = _GET["flow_key"]
interface.select(ifname)
is_packetdump_enabled = isLocalPacketdumpEnabled()

if(flow_key == nil) then
   flow = nil
else
   -- tonumber() returns nil for a non-numeric string; how findFlowByKey
   -- treats nil is not visible here (the flow == nil check below catches a
   -- failed lookup).
   flow = interface.findFlowByKey(tonumber(flow_key))
end

local ifid = interface.name2id(ifname)

if(flow == nil) then
   print('
This flow cannot be found. '.. purgedErrorString()..'
')
else
   -- State-changing requests. Judging by the call names, the first drops
   -- the flow's traffic and the second switches dumping of the flow on or
   -- off.
   -- NOTE(review): no CSRF token check and no user-privilege check appear
   -- in this script; confirm the HTTP layer enforces both before this code
   -- runs. The drop request is honoured whenever the parameter equals
   -- "true" and, unlike the dump request, is not gated on any interface
   -- capability in this handler.
   if(_POST["drop_flow_policy"] == "true") then
      interface.dropFlowTraffic(tonumber(flow_key))
      -- Update the local copy so the page rendered for this request
      -- already shows the new verdict.
      flow["verdict.pass"] = false
   end

   if(_POST["dump_flow_to_disk"] ~= nil and is_packetdump_enabled) then
      -- Any value other than "true" turns dumping off.
      interface.dumpFlowTraffic(tonumber(flow_key), ternary(_POST["dump_flow_to_disk"] == "true", 1, 0))
      flow["dump.disk"] = ternary(_POST["dump_flow_to_disk"] == "true", true, false)
   end

   ifstats = interface.getStats()

   -- The rest of this line is reproduced exactly as it appears in the
   -- listing: its string literals are visibly damaged (mismatched quotes),
   -- so statement boundaries cannot be recovered with confidence.
   print("\n") if (ifstats.vlan and (flow["vlan"] ~= nil)) then print("\n") end -- tprint(flow) print("\n") print("") if(ifstats.inline and flow["verdict.pass"]) then print("') print("\n") if(ifstats.inline and (flow["shaper.cli2srv_ingress"] ~= nil)) then print("") c = flowinfo2hostname(flow,"cli",ifstats.vlan) s = flowinfo2hostname(flow,"srv",ifstats.vlan) cli_max_rate = shaper_utils.getShaperMaxRate(ifstats.id, flow["shaper.cli2srv_ingress"]) if(cli_max_rate == "") then cli_max_rate = -1 end srv_max_rate =shaper_utils.getShaperMaxRate(ifstats.id, flow["shaper.cli2srv_egress"]) if(srv_max_rate == "") then srv_max_rate = -1 end max_rate = getFlowMaxRate(cli_max_rate, srv_max_rate) print("") cli_max_rate = shaper_utils.getShaperMaxRate(ifstats.id, flow["shaper.srv2cli_ingress"]) if(cli_max_rate == "") then cli_max_rate = -1 end srv_max_rate = shaper_utils.getShaperMaxRate(ifstats.id, flow["shaper.srv2cli_egress"]) if(srv_max_rate == "") then srv_max_rate = -1 end max_rate = getFlowMaxRate(cli_max_rate, srv_max_rate) print("") print("") end print("\n") print("\n") print("") if((ifstats.type ~= "zmq") and ((flow["proto.l4"] == "TCP") or (flow["proto.l4"] == "UDP")) and (flow["goodput_bytes"] > 0)) then print("\n") else print("\n") end print("\n") print("\n") if(flow["tcp.nw_latency.client"] ~= nil) then s = flow["tcp.nw_latency.client"] + flow["tcp.nw_latency.server"] if(s > 0) then print("\n") end end if(flow["tcp.appl_latency"] ~= nil and flow["tcp.appl_latency"] > 0) then print("\n") end if((flow["cli2srv.packets"] > 1) and (flow["interarrival.cli2srv"]["max"] 
> 0)) then print("\n") if(flow["srv2cli.packets"] < 2) then print("\n") if(flow["flow.idle"] == true) then print("") end end if(flow["tcp.seq_problems"] ~= nil) then rowspan = 2 if((flow["cli2srv.retransmissions"] + flow["srv2cli.retransmissions"]) > 0) then rowspan = rowspan+1 end if((flow["cli2srv.out_of_order"] + flow["srv2cli.out_of_order"]) > 0) then rowspan = rowspan+1 end if((flow["cli2srv.lost"] + flow["srv2cli.lost"]) > 0) then rowspan = rowspan+1 end if(((flow["cli2srv.retransmissions"] + flow["srv2cli.retransmissions"]) + (flow["cli2srv.out_of_order"] + flow["srv2cli.out_of_order"]) + (flow["cli2srv.lost"] + flow["srv2cli.lost"])) > 0) then print("") print("\n") if((flow["cli2srv.retransmissions"] + flow["srv2cli.retransmissions"]) > 0) then print("\n") end if((flow["cli2srv.out_of_order"] + flow["srv2cli.out_of_order"]) > 0) then print("\n") end if((flow["cli2srv.lost"] + flow["srv2cli.lost"]) > 0) then print("\n") end end end if(flow["protos.ssl.certificate"] ~= nil) then print("\n") end if((flow["tcp.max_thpt.cli2srv"] ~= nil) and (flow["tcp.max_thpt.cli2srv"] > 0)) then print("\n") end if((flow["cli2srv.trend"] ~= nil) and false) then print("\n") end flags = flow["cli2srv.tcp_flags"] or flow["srv2cli.tcp_flags"] if((flags ~= nil) and (flags > 0)) then print("\n") print("\n") end local icmp = flow["icmp"] if(icmp ~= nil) then print("\n") end if interface.isPacketInterface() then print("\n") end if((flow.client_process == nil) and (flow.server_process == nil)) then print("\n") else if((flow.client_process ~= nil) or (flow.server_process ~= nil)) then print('\n') end if(flow.client_process ~= nil) then print("\n") displayProc(flow.client_process) end if(flow.server_process ~= nil) then print("\n") displayProc(flow.server_process) end end if(flow["protos.dns.last_query"] ~= nil) then print("\n") end if(flow["bittorrent_hash"] ~= nil) then print("\n") end if(flow["protos.ssh.client_signature"] ~= nil) then print("\n") end if(flow["protos.http.last_url"] 
~= nil) then print("\n") print("\n") print("\n") print("\n") else if((flow["host_server_name"] ~= nil) and (flow["protos.dns.last_query"] == nil)) then print("\n") end end if(flow["profile"] ~= nil) then print("\n") end if is_packetdump_enabled then dump_flow_to_disk = flow["dump.disk"] if(dump_flow_to_disk == true) then dump_flow_to_disk_checked = 'checked="checked"' dump_flow_to_disk_value = "false" -- Opposite else dump_flow_to_disk_checked = "" dump_flow_to_disk_value = "true" -- Opposite end print("\n") end if (flow["moreinfo.json"] ~= nil) then local info, pos, err = json.decode(flow["moreinfo.json"], 1, nil) local isThereSIP = 0 local isThereRTP = 0 -- Convert the array to symbolic identifiers if necessary local syminfo = {} for key,value in pairs(info) do local k = rtemplate[tonumber(key)] if(k ~= nil) then syminfo[k] = value else syminfo[key] = value end end info = syminfo -- get SIP rows if(ntop.isPro() and (flow["proto.ndpi"] == "SIP")) then local sip_table_rows = getSIPTableRows(info) print(sip_table_rows) isThereSIP = isThereProtocol("SIP", info) if(isThereSIP == 1) then isThereSIP = isThereSIPCall(info) end end info = removeProtocolFields("SIP",info) -- get RTP rows if(ntop.isPro() and (flow["proto.ndpi"] == "RTP")) then local rtp_table_rows = getRTPTableRows(info) print(rtp_table_rows) -- io.write(flow["proto.ndpi"].."\n") isThereRTP = isThereProtocol("RTP", info) end info = removeProtocolFields("RTP",info) num = 0 for key,value in pairs(info) do if(num == 0) then print("\n") end if(value ~= "") then print("\n") end num = num + 1 end end print("
") if(ifstats.sprobe) then print('Source Id') else print('VLAN ID') end print("" .. flow["vlan"].. "
Flow Peers [ Client / Server ]") print(flowinfo2hostname(flow,"cli",ifstats.vlan)) if(flow["cli.systemhost"] == true) then print(" ") end print("") if(flow["cli.port"] > 0) then print(":" .. flow["cli.port"].."") end if(flow["cli.mac"] ~= nil and flow["cli.mac"]~= "" and flow["cli.mac"] ~= "00:00:00:00:00:00") then print(" [ " .. flow["cli.mac"].." ]") end print("  \n") print("") print(flowinfo2hostname(flow,"srv",ifstats.vlan)) if(flow["srv.systemhost"] == true) then print(" ") end print("") if(flow["srv.port"] > 0) then print(":" .. flow["srv.port"].. "") end if(flow["srv.mac"] ~= nil and flow["srv.mac"]~= "" and flow["srv.mac"] ~= "00:00:00:00:00:00") then print(" [ " .. flow["srv.mac"].." ]") end print("
Protocol") else print("") end if(flow["verdict.pass"] == false) then print("") end print(flow["proto.l4"].." / ") print(getApplicationLabel(flow["proto.ndpi"]).." ("..flow["proto.ndpi_id"]..")") print(" ".. formatBreed(flow["proto.ndpi_breed"])) if(flow["verdict.pass"] == false) then print("") end historicalProtoHostHref(ifid, flow["cli.ip"], nil, flow["proto.ndpi_id"], flow["protos.ssl.certificate"]) if(ifstats.inline) then if(flow["verdict.pass"]) then print('
') print('') print('') print('\n') print('
') end end print('
Flow Shapers"..c.." "..s..""..shaper_utils.shaperRateToString(max_rate).."
"..c.." "..s..""..shaper_utils.shaperRateToString(max_rate).."
First / Last Seen
" .. formatEpoch(flow["seen.first"]) .. " [" .. secondsToTime(os.time()-flow["seen.first"]) .. " ago]" .. "
" .. formatEpoch(flow["seen.last"]) .. " [" .. secondsToTime(os.time()-flow["seen.last"]) .. " ago]" .. "
Total TrafficTotal: " .. bytesToSize(flow["bytes"]) .. " Goodput: " .. bytesToSize(flow["goodput_bytes"]) .. " (") pctg = round(((flow["goodput_bytes"]*100)/flow["bytes"]), 2) if(pctg < 50) then pctg = ""..pctg.."" elseif(pctg < 60) then pctg = ""..pctg.."" end print(pctg.."") print(" %)
 
Client Server: " .. formatPackets(flow["cli2srv.packets"]) .. " / ".. bytesToSize(flow["cli2srv.bytes"]) .. " Client Server: " .. formatPackets(flow["srv2cli.packets"]) .. " / ".. bytesToSize(flow["srv2cli.bytes"]) .. "
") cli2srv = round((flow["cli2srv.bytes"] * 100) / flow["bytes"], 0) cli_name = shortHostName(ntop.getResolvedAddress(flow["cli.ip"])) srv_name = shortHostName(ntop.getResolvedAddress(flow["srv.ip"])) if(flow["cli.port"] > 0) then cli_name = cli_name .. ":" .. flow["cli.port"] srv_name = srv_name .. ":" .. flow["srv.port"] end print('
'.. cli_name..'
' .. srv_name .. '
') print("
Network Latency Breakdown") cli2srv = round(((flow["tcp.nw_latency.client"] * 100) / s), 0) c = string.format("%.3f", flow["tcp.nw_latency.client"]) print('
'.. c ..' ms (client)
') s = string.format("%.3f", flow["tcp.nw_latency.server"]) print('
' .. s .. ' ms (server)
') print("
Application Latency"..msToTime(flow["tcp.appl_latency"]).."
Packet Inter-Arrival Time
[ Min / Avg / Max ]
Client Server: ") print(msToTime(flow["interarrival.cli2srv"]["min"]).." / "..msToTime(flow["interarrival.cli2srv"]["avg"]).." / "..msToTime(flow["interarrival.cli2srv"]["max"])) print(" ") else print("Client Server: ") print(msToTime(flow["interarrival.srv2cli"]["min"]).." / "..msToTime(flow["interarrival.srv2cli"]["avg"]).." / "..msToTime(flow["interarrival.srv2cli"]["max"])) end print("
This looks like an idle flow with periodic transmissions just to keep it alive.
TCP Packet Analysis
 Client Server / Client Server
Retransmissions".. formatPackets(flow["cli2srv.retransmissions"]) .." / ".. formatPackets(flow["srv2cli.retransmissions"]) .."
Out of Order".. formatPackets(flow["cli2srv.out_of_order"]) .." / ".. formatPackets(flow["srv2cli.out_of_order"]) .."
Lost".. formatPackets(flow["cli2srv.lost"]) .." / ".. formatPackets(flow["srv2cli.lost"]) .."
SSL Certificate") print(""..flow["protos.ssl.certificate"].." ") if(flow["category"] ~= nil) then print(" "..getCategoryIcon(flow["protos.ssl.certificate"], flow["category"])) end historicalProtoHostHref(ifid, nil, nil, nil, flow["protos.ssl.certificate"]) print("
".. ''.. "Max (Estimated) TCP Throughput Client Server: ") print(bitsToSize(flow["tcp.max_thpt.cli2srv"])) print(" Client Server: ") print(bitsToSize(flow["tcp.max_thpt.srv2cli"])) print("
Throughput Trend"..flow["cli.ip"].." "..flow["srv.ip"]..": ") print(flow["cli2srv.trend"]) print(""..flow["cli.ip"].." "..flow["srv.ip"]..": ") print(flow["srv2cli.trend"]) print("
TCP FlagsClient Server: ") printTCPFlags(flow["cli2srv.tcp_flags"]) print("Client Server: ") printTCPFlags(flow["srv2cli.tcp_flags"]) print("
") flow_completed = false flow_reset = false flows_syn_seen = false resetter = "" if(hasbit(flags,0x01)) then flow_completed = true end if(hasbit(flags,0x02)) then flows_syn_seen = true end if(hasbit(flags,0x04)) then flow_completed = true flow_reset = true if(hasbit(flow["cli2srv.tcp_flags"],0x04)) then resetter = "client" else resetter = "server" end end local flow_msg="" if flow_reset == true then flow_msg = flow_msg.." This flow has been reset" if resetter ~= nil and resetter ~= "" then flow_msg = flow_msg.." by "..resetter end flow_msg = flow_msg.."." elseif flow_completed == true then flow_msg = flow_msg.." This flow is completed and will expire soon." else flow_msg = flow_msg.." This flow is active." if flows_syn_seen == false then flow_msg = flow_msg.." However, flow begin has not been seen: peer roles (client/server) might be inaccurate." end end print(flow_msg) print("
ICMP Info".. getICMPTypeCode(icmp) .. "
Flow Status"..getFlowStatus(flow["flow.status"]).."
Actual / Peak Throughput") if (throughput_type == "bps") then print("" .. bitsToSize(8*flow["throughput_bps"]) .. " ") elseif (throughput_type == "pps") then print("" .. pktsToSize(flow["throughput_bps"]) .. " ") end if (throughput_type == "bps") then print(" / " .. bitsToSize(8*flow["top_throughput_bps"]) .. " ") elseif (throughput_type == "pps") then print(" / " .. pktsToSize(flow["top_throughput_bps"]) .. " ") end print("0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0") print("
') width = 1024 height = 200 url = ntop.getHttpPrefix().."/lua/sprobe_flow_data.lua?flow_key="..flow_key dofile(dirs.installdir .. "/scripts/lua/inc/sprobe.lua") print('
Client Process Information
Server Process Information
DNS Query") if(string.ends(flow["protos.dns.last_query"], "arpa")) then print(flow["protos.dns.last_query"]) else print(""..flow["protos.dns.last_query"].." ") end if(flow["category"] ~= nil) then print(" "..getCategoryIcon(flow["protos.dns.last_query"], flow["category"])) end print("
BitTorrent hash".. flow["bittorrent_hash"].."
SSH SignatureClient: "..flow["protos.ssh.client_signature"].."Server: "..flow["protos.ssh.server_signature"].."
HTTPHTTP Method"..flow["protos.http.last_method"].."
Server Name") if(flow["host_server_name"] ~= nil and flow["host_server_name"] ~= "") then s = flow["host_server_name"] else s = flowinfo2hostname(flow,"srv",ifstats.vlan) end print(""..s.." ") if(flow["category"] ~= nil) then print(" "..getCategoryIcon(flow["host_server_name"], flow["category"])) end print("
URL") if(flow["protos.http.last_url"] ~= "") then print(""..shortenString(flow["protos.http.last_url"]).." ") else print(shortenString(flow["protos.http.last_url"])) end print("
Response Code"..flow["protos.http.last_return_code"].."
Server Name"..flow["host_server_name"].."
Profile Name"..flow["profile"].."
Dump Flow Traffic") print [[
]] print(' ') print(' ') print('\n') print('
') print("
Additional Flow Elements
" .. getFlowKey(key) .. "" .. handleCustomFlowField(key, value) .. "
\n") end print [[ ]] dofile(dirs.installdir .. "/scripts/lua/inc/footer.lua")