Hi Guys,
Need advice as I don't know what to conclude.
Scenario
I went to a customer site and did some packet captures using NAI sniffer. I
will use the logon-app.trc as an example. I basically captured packets while
a user logged on to a remote application. The aim being how much traffic is
generated while logging on to determine how much bandwidth is used.
1) I used tethereal/ethereal (same as the summary window, I presume) to view
the logon-app.trc file (output below, and please correct me if I have
misunderstood any part in my descriptions)
frame frames:303 bytes:29884 (Total payload+headers)
tr frames:303 bytes:29884
llc frames:303 bytes:29884
ip frames:303 bytes:29884
tcp frames:303 bytes:29884
data frames:214 bytes:24366 (total payload bytes)
2) Using NAI sniffer I got 31096 bytes in total when you click on the
statistics tab on NAI sniffer.
3) Using tcpdump
12:38:40.760392 snap ip 10.101.2.161.3459 > 11.134.32.61.ica: P [tcp sum ok]
98260575:98260602(27) ack 3072908457 win 8458 (DF) (ttl 32, id 2330, len 67)
My understanding is
(27) - is the payload in bytes
len 67 - is total bytes payload+headers (I think this only adds the tcp and
ip headers)
I then used a script using a combination of awk and sed to format and grab
the columns with the total byte lengths for each frame, e.g. (len 67), for both
src and dst, e.g.
tcpdump -r logon-app-trc.cap src <ip> -vvv
tcpdump -r logon-app-trc.cap dst <ip> -vvv
and then added them all together and it gave me
23218 bytes in total
23218 bytes
Now, judging by what I want done, which is to determine the amount of
bandwidth consumed on logon, which of these is giving me a true picture
that I can use in my bandwidth calculation?
Any help or advice will be greatly appreciated on the best approach. And
please correct me anywhere I might have misunderstood anything.
Regards,
Seun
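
An added example, not part of the original post: a parser for the tcpdump -vvv record layout quoted above that sums TCP payload and IP length per frame, and a helper that splits the gap between two tools' totals into bytes per frame. Only the first sample record is from the post; the other two are constructed, and the 22-byte link-layer and 4-byte FCS defaults are assumptions taken from dividing the gaps between the three quoted totals by the 303 frames.

```python
import re

# Constructed sample in the post's tcpdump -vvv layout (records wrap over two
# lines). Only the first record is from the post; the other two are made up.
SAMPLE = """\
12:38:40.760392 snap ip 10.101.2.161.3459 > 11.134.32.61.ica: P [tcp sum ok]
98260575:98260602(27) ack 3072908457 win 8458 (DF) (ttl 32, id 2330, len 67)
12:38:40.771010 snap ip 11.134.32.61.ica > 10.101.2.161.3459: . [tcp sum ok]
ack 98260602 win 8733 (DF) (ttl 120, id 4411, len 40)
12:38:40.801200 snap ip 11.134.32.61.ica > 10.101.2.161.3459: P [tcp sum ok]
3072908457:3072908557(100) ack 98260602 win 8733 (DF) (ttl 120, id 4412, len 140)
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ", re.M)  # start of each record
PAYLOAD = re.compile(r"\b\d+:\d+\((\d+)\)")         # seq:seq(payload bytes)
IP_LEN = re.compile(r"\blen (\d+)\)")               # IP total length field


def records(text):
    """Yield one whitespace-normalised string per packet, joining wrapped lines."""
    starts = [m.start() for m in TS.finditer(text)]
    for begin, end in zip(starts, starts[1:] + [len(text)]):
        yield " ".join(text[begin:end].split())


def totals(text, l2_overhead=22, fcs=4):
    """Sum TCP payload and IP length, then add the assumed per-frame overheads."""
    frames = payload = ip_bytes = 0
    for rec in records(text):
        ip = IP_LEN.search(rec)
        if not ip:
            continue  # not an IP record with a verbose length field
        frames += 1
        ip_bytes += int(ip.group(1))
        seg = PAYLOAD.search(rec)
        payload += int(seg.group(1)) if seg else 0  # bare ACKs carry no data
    captured = ip_bytes + frames * l2_overhead
    return {"frames": frames, "tcp_payload": payload, "ip_bytes": ip_bytes,
            "captured_bytes": captured, "with_fcs": captured + frames * fcs}


def per_frame_gap(larger, smaller, frames):
    """Split the gap between two tools' totals into (bytes per frame, remainder)."""
    return divmod(larger - smaller, frames)


if __name__ == "__main__":
    print(totals(SAMPLE))
    print(per_frame_gap(29884, 23218, 303))  # ethereal total vs summed tcpdump len
    print(per_frame_gap(31096, 29884, 303))  # NAI statistics total vs ethereal total
```

A remainder of 0 from per_frame_gap means the two totals differ by a fixed number of bytes on every frame, which points to one tool counting a header or trailer that the other leaves out.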