Ethereal-users: Re: [Ethereal-users] Separating packet dump into TCP streams

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Mon, 30 Oct 2000 14:49:06 -0800 (PST)
> 1) Is there any way that, from a given packet dump file, I can create
> several other packet dump files such that each dump file represents one
> TCP stream? I am looking through the filter expressions but I can't see
> anything that sort of relates to what I want to do.

"Follow TCP Stream" constructs a filter expression that matches all
packets in the stream, and then filters with that expression; if, after
you've done a "Follow TCP Stream" (and haven't cleared the filter at the
bottom of the window...), you do a "Save As" and select the "Save only
packets currently being displayed" checkbox in the "Save Capture File
As" dialog box, you can save to a file the packets within the TCP stream
you've followed.

> 2) .. and then I would like to determine the min,max,average delta time
> between packets in all the TCP streams?

Unfortunately, Ethereal doesn't have any tool to generate statistics
such as that; however, there may be tools out there that can read
capture files in libpcap/tcpdump format (which is the default format for
Ethereal) and generate statistics such as that.
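
Added example (not part of the original message and not Ethereal code): one way to get the per-stream min/max/average delta times asked about in question 2, reading a libpcap-format file directly with the Python standard library. The function names and the sample capture are assumptions constructed for illustration; only classic microsecond libpcap files with Ethernet and IPv4 are handled.

```python
import socket
import struct
from collections import defaultdict

def tcp_stream_deltas(pcap: bytes) -> dict:
    """Per-stream (min, max, avg) packet gap in seconds; classic libpcap, Ethernet/IPv4."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a microsecond-resolution libpcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    times, off = defaultdict(list), 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4/TCP (VLAN-tagged and IPv6 frames are skipped)
        tcp = 14 + (pkt[14] & 0x0F) * 4  # IP header length varies with options
        if struct.unpack("!H", pkt[20:22])[0] & 0x1FFF or len(pkt) < tcp + 4:
            continue  # later IP fragment or snaplen-truncated: no TCP ports
        sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
        # Sort the two endpoints so both directions share one stream key.
        ends = sorted([(pkt[26:30], sport), (pkt[30:34], dport)])
        key = " <-> ".join(f"{socket.inet_ntoa(ip)}:{port}" for ip, port in ends)
        times[key].append(sec * 1_000_000 + usec)
    stats = {}
    for key, ts in times.items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]  # microseconds, capture order
        if gaps:  # a single-packet stream has no delta
            stats[key] = (min(gaps) / 1e6, max(gaps) / 1e6, sum(gaps) / len(gaps) / 1e6)
    return stats

def sample_pcap() -> bytes:
    """Constructed capture (not real traffic): two TCP connections, five packets."""
    def frame(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
        return b"\0" * 12 + b"\x08\x00" + ip + tcp
    a, b, c = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes([10, 0, 0, 3])
    pkts = [(1_000_000, frame(a, b, 40000, 80)), (1_250_000, frame(b, a, 80, 40000)),
            (1_300_000, frame(c, b, 40001, 22)), (2_000_000, frame(a, b, 40000, 80)),
            (2_300_000, frame(b, c, 22, 40001))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for us, f in pkts:
        out += struct.pack("<IIII", us // 10**6, us % 10**6, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(tcp_stream_deltas(sample_pcap()))
```

A stream is keyed by its sorted address/port pair, so a reused port pair later in the same capture is counted as one stream.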