Ethereal-dev: Re: [Ethereal-dev] SCTP analysis (similar to tcp.analysis stuff)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Fri, 8 Jul 2005 13:53:30 +0200

Hi Jeff,

see my comments in-line.

Best regards
Michael

On Jul 8, 2005, at 10:01 AM, Jeff Morriss wrote:


Michael Tuexen wrote:

Yes, you are right. I mixed the stuff up. So the right place would be the dissector.
Jeff, so do you think that it would be useful?


Yes, in fact that's exactly what I am looking for... I have a capture file with so many retransmissions and duplicate SACKs that it makes my head spin--especially when I try to sort out the mess. (Of course, it also made Ethereal crash in the TSN graph stuff-- thus bug #280. ;-))
That is fixed in svn.

Regarding your (Michael's) multi-homing question: I agree that this could be an issue, but analyzing at least what's in the capture file we have would be a start. And by using Linux (capture on "all" devices) or 'mergecap' we can get all the packets in one file for analysis if need-be. This assumes, of course, that the analysis stuff could/would track the associations by Vtag and not just by the IP addresses in the current packet.
This is the complex stuff. We have to extend the conversation concept to cover SCTP associations. Once you have the VTags and port numbers it is simple. The difficult part is to set this information up if you do not see the handshake, especially the INIT-ACK.
The good news is that we have a solution which does this, but we still have to integrate that into the conversation concept.
It is on my ToDo list, but I cannot say when I can start working on it.

Regards,
-Jeff


Michael Tuexen wrote:



But what I think (maybe I'm wrong) is that the sequence number analysis was developed earlier than the tap stuff. And the other thing is that the sequence number stuff is not link layer independent like it would be if it is done via taps.



To which sequence number analysis are you referring?

I was referring to the analysis the results of which show up in the protocol tree, which is the one that detects retransmissions, duplicate ACKs, etc.; that code is link-layer independent, as it's done in the dissector.

It sounds as if you're talking about the TCP graphs, which aren't link-layer independent (and which should be redone as a tap to make it link-layer independent).
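
The VTag-based tracking discussed in this message, as an added example that is not part of the original e-mail and is not Ethereal's code: it keys each direction of an association by ports and verification tag instead of IP addresses, then flags DATA chunks whose TSN was already seen. The function names and the capture are constructed for illustration; the header and chunk layout follow RFC 4960, TSN wraparound is ignored, and the two directions are not linked to each other, since that needs the handshake.

```python
import struct
from collections import defaultdict

DATA = 0  # SCTP chunk type for DATA (RFC 4960)

def sctp_packet(sport, dport, vtag, tsns):
    """Build a constructed SCTP packet (checksum left 0), one DATA chunk per TSN."""
    pkt = struct.pack("!HHII", sport, dport, vtag, 0)
    for tsn in tsns:
        payload = b"abc"                      # 3 bytes, so 1 byte of padding follows
        length = 16 + len(payload)            # chunk length excludes padding
        pkt += struct.pack("!BBHIHHI", DATA, 0x03, length, tsn, 0, 0, 0)
        pkt += payload + b"\x00" * (-length % 4)
    return pkt

def data_tsns(sctp):
    """Return ((sport, dport, vtag), [TSNs of DATA chunks]) for one SCTP packet."""
    sport, dport, vtag, _cksum = struct.unpack_from("!HHII", sctp, 0)
    tsns, off = [], 12
    while off + 4 <= len(sctp):
        ctype, _flags, length = struct.unpack_from("!BBH", sctp, off)
        if length < 4 or off + length > len(sctp):
            break                             # malformed or truncated chunk: stop
        if ctype == DATA and length >= 16:
            tsns.append(struct.unpack_from("!I", sctp, off + 4)[0])
        off += length + (-length % 4)         # chunks are padded to 4 bytes
    return (sport, dport, vtag), tsns

def find_retransmissions(frames):
    """frames: iterable of (frame_no, src_ip, dst_ip, sctp_bytes).
    Flows are keyed by ports + verification tag only, so a retransmission
    sent over another path of a multi-homed association is still matched."""
    first_seen = defaultdict(dict)            # flow key -> {tsn: frame_no}
    retrans = []
    for no, _src, _dst, sctp in frames:
        key, tsns = data_tsns(sctp)
        for tsn in tsns:
            if tsn in first_seen[key]:
                retrans.append((no, tsn, first_seen[key][tsn]))
            else:
                first_seen[key][tsn] = no
    return retrans

# Constructed capture: frame 3 resends TSN 101 via a different address pair.
CAPTURE = [
    (1, "10.0.0.1", "10.0.1.1", sctp_packet(5000, 6000, 0xAABBCCDD, [100, 101])),
    (2, "10.0.1.1", "10.0.0.1", sctp_packet(6000, 5000, 0x11223344, [100])),
    (3, "10.0.2.1", "10.0.3.1", sctp_packet(5000, 6000, 0xAABBCCDD, [101, 102])),
]
```

Each tuple returned by `find_retransmissions(CAPTURE)` is (frame number, TSN, frame where that TSN was first seen); frame 2 reuses TSN 100 but belongs to the reverse direction with its own tag, so it is not reported.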

