[Ian Schorr <spamcontrol2@xxxxxxxxxxx>]

The simple answer is no, Ethereal doesn't currently support what you're 
looking for.

I've often wanted a feature where I can measure/build a report of the 
difference in time between packets' observed arrival at different 
points on a network.  Such a thing would be extremely useful in many 
circumstances, including the "finger-pointing" situation you describe.

This wouldn't be trivial to implement, though the measurement could be 
done fairly simply:

One could, of course, rely on very synchronized clocks between packet 
capture devices and very accurate timestamp recording and simply 
measure deltas between packet arrival times between captures.

Perhaps a bit more accurate under non-ideal conditions (where 
synchronization of host clocks on the recording devices cannot be 
guaranteed), one could keep a (perhaps smoothed) log of deltas between 
host clocks by observing arrival times of packets passing in two 
directions - (d1-d2/2 = average latency, where d1 is the time between 
observing of a packet flowing one direction and a later packet flowing 
the other direction (possibly a reply to the first packet) in one 
capture, and d2 is the time difference between observing the same two 
packets in the other capture)).

However, it'd be difficult to do, especially for all types of traffic.  
For one thing, a mechanism for "fingerprinting" traffic has to be 
devised - how does the software know that a packet in one capture is 
the exact same as one in another capture?  With protocols like TCP 
there's enough information to build a reasonably reliable 
"fingerprint", but not necessarily possible with other protocols.  
Ethereal really doesn't have the infrastructure at this point to 
process this, either...

However, it could be done and would be a very interesting project for 
someone, I'm sure.  Now we just need a volunteer =)

Ian

On Mar 8, 2004, at 1:00 PM, sstudsda@xxxxxxxx wrote:

> We are currently using Cisco's IPM to collect/report network latency.  
> The
> problem that I frequently run into is vendors blaming performance 
> problems
> on the network and won't accept that results of this information.  
> They are
> convinced that the network is doing something to their application only
> either through the use of ACL's or QoS.  The graphs that could be 
> produced
> be this type of comparison would be specific to the vendors 
> application and
> a little harder to argue with the results.
>
> Steve
>
>
>
>
>              "Ahmed, Munaf
>              (RDI)"
>              <Munaf.Ahmed@mail                                         
>  To
>              .va.gov>                  "'Ethereal user support'"
>              Sent by:                  <ethereal-users@xxxxxxxxxxxx>
>              ethereal-users-bo                                         
>  cc
>              unces@xxxxxxxxxxx
>              m                                                     
> Subject
>                                        RE: [Ethereal-users] Network
>                                        Traversal Time
>              03/08/2004 11:51
>              AM
>
>
>              Please respond to
>                Ethereal user
>                   support
>              <ethereal-users@e
>                thereal.com>
>
>
>
>
>
>
>
> You might want to use trace route to determine network latency
> from point A to point B.
>
> If you are trying to debug a tpc session than you can use
> "Follow TCP Stream" under Tools to determine the time.
>
> Munaf Ahmed
> CCIE
>
>
>
> -----Original Message-----
> From: sstudsda@xxxxxxxx [mailto:sstudsda@xxxxxxxx]
> Sent: Monday, March 08, 2004 11:47 AM
> To: ethereal-users@xxxxxxxxxxxx
> Subject: [Ethereal-users] Network Traversal Time
>
>
> Greetings!
> I was wondering if Ethereal has the ability to show the time a packet 
> takes
> to traverse a network by comparing two capture files.  For example, a
> packet enters the network at point A and is captured by Ethereal and a
> second instance of Ethereal captures the same packet at network point 
> B.
> Then, by comparing the times that each packet was captured, be able to
> compute the time it took for that packet to traverse between point A 
> and
> point B and ultimately be able to build a graph showing these times.
>
> If this doesn't exist, would someone be able to point me in the right
> direction as far as developing this capability?
>
> Thanks All!
> Steve
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users