Ethereal-users: Re: [Ethereal-users] How to calculate jitter from an Ethereal file?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: David Moore <davem@xxxxxxxxx>
Date: Wed, 01 May 2002 09:05:56 -0400
Why not just set the Ethereal display line to time only and do a print to file?

That way you also have the ability to use Ethereal's filters for subsetting and no programming is
required.

Guy Harris wrote:

> On Wed, May 01, 2002 at 05:03:44PM +0930, Max Kristiansson wrote:
> > Is it possible to export the time vector to be able to calculate the jitter
> > of the packets captured with Ethereal?
>
> Well, if *all* you want to look at is the time stamp of each packet -
> i.e., not look at the packet data *at all* - it'd probably be easy to
> write a program using libpcap to read an Ethereal capture file (as its
> native capture format is libpcap format).
>
> Note that the program could probably be written in Perl, using
> Net::Pcap:
>
>         http://search.cpan.org/search?module=Net::Pcap
>
> or perhaps using similar packages for other scripting languages (Perl,
> Ruby, etc.).
>
> However, if you want to do more than that, e.g. only look at the time
> stamps of some packets, it's a bit more work.
>
> If the packets can be selected by a libpcap filter (the sort of filter
> used for capturing in Ethereal), and you don't need to look at the
> packet data except to check whether it's the right type of packet, you
> could have the program in question specify a filter to libpcap.
>
> If, however, they could only be selected by an Ethereal display filter,
> you'd want to use tethereal to read the capture file and then write out
> selected packets to a file, e.g. with
>
>         tethereal -r {input file} -w {output file} -R {display filter}
>
> and then run the program on the output file.
>
> If, however, you'd need to look at the *contents* of the packets, you
> could do that in the program - but you don't get the results of the work
> Ethereal or Tethereal did analyzing the contents of the packets.
>
> You could perhaps run
>
>         tethereal -V -r {input file}
>
> and parse the text output of that file, which would let you get the time
> stamps and the results of Tethereal's analysis of the packets.
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users

--
David E. Moore
The Mitre Corporation -- 11493 Sunset Hills Road -- Reston, VA.  20190-5214
703-883-7830 -- davem@xxxxxxxxx