#!/bin/sh

# get-bad-isns - extract TCP initial sequence numbers of corrupted sessions

# usage: get-bad-isns filename...

for i
do
    tcpdump -xnr $i | tcpdumpx | awk '
	BEGIN			{ file = "'$i'" }
	/^[0-9].*: S .*\(0\) win/ { split($2, x, /\./); src = x[5]
				    split($4, x, /\./); dst = x[5]
				    syn=$6 }
	/\^A  \^A/		  { print file, src, dst, syn }
    ' | sed '
	s/(0)//
	s/: / /
    '
done
