thank you its working. thanks for taking interest in the problem.
nehal.
-----Original Message-----
From: Guy Harris [mailto:gharris@xxxxxxxxx]
Sent: Friday, December 27, 2002 2:25 PM
To: Nehal Shah
Cc: 'ethereal-dev@xxxxxxxxxxxx'
Subject: Re: [Ethereal-dev] parsing the whole dir using ethereal for the
error checking of p ackets
On Fri, Dec 27, 2002 at 12:13:53PM -0800, Nehal Shah wrote:
> I have a dir in which there r 100 .enc files (capture files). I do not
want
> to look at each one on of those files and figure out whether each packet
> meets CRC PASS or not according to ethereal.
Well, first of all, note that Ethereal doesn't check Ethernet CRCs, so
if you want it to check *those*, you're out of luck.
It can check PPP CRCs, and some other CRCs, as well as some non-CRC
checksums such as IP, TCP, and UDP checksums.
> I would rather modify ethereal
> so when it has CRC error it tells me "Filename XXXX has YYYY CRC errors"
> etc. so I would be interested in doing something like.
One way to do this, *if* the particular protocol whose CRC or checksum
has a filterable field that specifies whether the checksum on a packet
was valid or not, e.g. "ip.checksum_bad" which is a Boolean field whose
value is "true", i.e. 1, for IP packets with a bad cheader checksum,
would, at least on UNIX, be to do something such as
tethereal -R "ip.checksum_bad == 1" -r {capture file} | wc -l
which would read the capture file whose name is "{capture file}"
(replace "{capture file}" with the name of a file), throwing away all
packets where "ip.checksum_bad" is *not* true, and writing out to the
standard output a summary line for other packets. That gets piped to
"wc -l", which will report how many lines it read - i.e., how many
packets had "ip.checkum_bad" being true.
One could then do something in that directory such as
for i in *.enc
do
bad_packets=`tethereal -R "ip.checksum_bad == 1" -r $i | wc
-l`
if [ $bad_packets -ne 0 ]
then
echo "File $i has $bad_packets bad IP checksums"
fi
done
If you are running on Windows, I would suggest installing Cygwin:
http://sources.redhat.com/cygwin/
in which case you will probably
1) have "wc" available when running under Cygwin
and
2) be using the Bourne-again Shell, in which case a loop of that
sort will work.
(You will, of course, need to set your command search path in the shell
to find Tethereal.)