Ethereal-users: Re: [Ethereal-users] Ethereal Top Talkers - Other reporting info?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Date: Sat, 11 Jan 2003 20:15:39 +1100
----- Original Message -----
From: "Guy Harris"
Sent: Saturday, January 11, 2003 1:36 PM
Subject: Re: [Ethereal-users] Ethereal Top Talkers - Other reporting info?


> On Sat, Jan 11, 2003 at 11:35:23AM +1100, Ronnie Sahlberg wrote:
> > > ----- Original Message -----
> > > From: "Ian Schorr"
> > > Sent: Saturday, January 11, 2003 7:35 AM
> > > Subject: Re: [Ethereal-users] Ethereal Top Talkers - Other reporting info?
> >
> > > As long as we're talking about new features =)
> > >
> > > How about reporting of Application Response Time within the decode
> > > pane?
> > >   (ART as in end-of-call to beginning-of-response delta times, not
> > > call-to-next-UDP-segment-from-server or call-to-TCP-ACK as Sniffer
> > > calculates it =)
> > >
> > > Graphs would be nice, but ideally I'd like to be able to add a column
> > > to the decode pane that displays ART calculations.  Better yet, columns
> > > for call-to-response, end-of-response to beginning-of-next-call, number
> > > of calls outstanding (unanswered by the server), etc.  VERY useful
> > > statistics when trying to troubleshoot any kind of performance issue.
> > >
> > > Is this possible now, and I just don't realize it?
> > >

If you refer to getting these ART values up on the list of packets, no,
currently that cannot be done in ethereal.
It would however not be very difficult to port the -z proto,colinfo...
from tethereal to ethereal,
but it requires a GUI to manage it and no one has done it yet.

But you can get almost that already in ethereal using display filters:

For example:
Create one display filter "smb.time>0.020" that has the background mapped as
Yellow,
and one other display filter "smb.time>0.050" that colors the background Red.

This would then make the entire line for packets where SMB took more than
20ms and 50ms respectively either Yellow or Red.


Then it would be just a matter of really fast scrolling the packet list pane
and see if anything Yellow or Red pops by.

Color filters can be found at "Menu:Display/ColorizeDisplay"
See user documentation on color filters.



Using tethereal you can script something similarly useful as
...
NUM_LONG=`tethereal -r "$CAPFILE" -R "smb.time>0.020" | wc -l`
echo "Number of SMB's that took more than 20ms to service: $NUM_LONG"
NUM_VERY_LONG=`tethereal -r "$CAPFILE" -R "smb.time>0.050" | wc -l`
echo "Number of SMB's that took more than 50ms to service: $NUM_VERY_LONG"
...
This is just an example.   However, looking at SMB service times you might
really want to make the -R filter above a bit more intelligent and filter
out any Transaction2/Notify SMBs since it is sometimes normal
for them to take a very long/infinite time to service.




hope this helps answer your question.

best regards
ronnie sahlberg
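
Added example, not part of the original message: a single-pass version of the 20ms/50ms counting described above that also skips commands expected to stay outstanding, as the message suggests for notify requests. It assumes the per-response smb.time value and SMB command code have already been exported as two whitespace-separated columns; that export format, the function names and the sample rows are constructed for illustration.

```shell
# Constructed sample input: "<smb.time in seconds> <SMB command code>" per line.
# 0xa0 (NT Transact) stands in here for a long-lived, notify-style request.
sample_smb_times() {
    cat <<'EOF'
0.004 0x25
0.031 0x2e
0.072 0x2f
12.500 0xa0
0.020 0x32
0.055 0x32
EOF
}

# count_slow_smb SKIPLIST
#   SKIPLIST: comma-separated command codes to leave out of the counts.
#   Prints "<count over 20ms> <count over 50ms> <count skipped>".
#   As in the script above, a response over 50ms is also counted as over 20ms.
count_slow_smb() {
    awk -v skip="$1" '
        BEGIN { n = split(skip, s, ","); for (i = 1; i <= n; i++) skipset[tolower(s[i])] = 1 }
        NF < 2 || $1 !~ /^[0-9]+(\.[0-9]+)?$/ { next }   # ignore blank or malformed lines
        (tolower($2) in skipset) { skipped++; next }     # expected to be slow, do not count
        $1 > 0.050 { very_long++ }
        $1 > 0.020 { long++ }
        END { printf "%d %d %d\n", long, very_long, skipped }
    '
}

# Example run on the constructed sample, skipping command 0xa0.
sample_smb_times | count_slow_smb 0xa0
```

Reporting the skipped count alongside the two totals keeps the excluded responses visible instead of silently dropping them.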