[Chris Rapier <rapier@xxxxxxx>]

Guy Harris wrote:
> On Fri, Nov 08, 2002 at 05:14:05PM -0500, Chris Rapier wrote:
>
> > What I'd like to do is have a tool that will merge the two half 
> > duplex dumps into a full duplex one.
> >
> > Can ethereal do anything like this?
>
>
> No, but mergecap, which comes with Ethereal, can merge two (or more)
> capture files, in any format that Ethereal can read (as it uses the same
> library that Ethereal and Tethereal do to read capture files), into a
> file written in any format that Ethereal can write (as long as the
> output format can handle both network layer types).

Excellent! I'm not quite sure if this will tell me anything I don't 
really already know (most of the stuff I do is in flow analysis which is 
inherently unidirectional anyway) but it'll be an interesting area to 
explore for a while.

However, a lot of this is dependant on me being able to grab 2 320Mbit 
plus streams simultaneously without dropping too many packets (which has 
still proven to be problematic).

> > Would I need to sync the GigE clocks to an external source?
>
>
> It would probably work better if the time stamps in the two capture
> files on each of the ports were synchronized.

That may prove tricky depending on how much clock drift there is. CAIDA 
and Waikato in NZ have done a lot of this sort of thing but they made 
use of GPS syncs which I don't have access to (being that I can't 
squeeze any more money out of the budget at this point).

Thanks for your help Guy


> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users