Raja wrote:
>
> I am using ethereal to sniff TCP packets in the network. I am actually
> interested to find out the number of retransmissions and number of lost
> packets in the network. Does anyone is aware of some program that will
> display all these statistics from the ethereal software. I am trying to do a
> analysis on the ethereal files using sed and awk. But I am not too sure
> about the logic. Please help. Thanks in advance.
Retransmissions ought to be easy to find: just look for packets with the
same 5-tuple and sequence number. (5-tuple: local port, local IP,
remote port, remote IP, transport protocol).
I have no idea how you detect lost packets, other than to look for the
retransmissions following a loss. There are too many places packets can
be lost that Ethereal can't see. For that matter, your own machine
could drop packets, causing Ethereal to miss them, thus confusing your
analysis. But that should be exceedingly rare with a fast enough
machine.
--
= Warren -- See the *ix pages at http://www.cyberport.com/~tangent/ix/
=
= ICBM Address: 36.8274040 N, 108.0204086 W, alt. 1714m