[Lim Boon Ping <syseeker@xxxxxxxxx>]

Hi Luis,

 

Thanks for you reply. :).

 

This link http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0.10.9-SVN-13430.exe  at http://wiki.ethereal.com/Mate_2fGettingStarted seems to be broken, I couldnt manage to download.

 

Due to the above obstacle, I downloaded Windows version of ethereal-setup-0.10.10.exe.  Unfortunately, ethereal quit immediately i hit 'Apply' after setting configuration filename at Preferences->mate. And subsequently I am never able to open ethereal. I tried to reinstall ethereal,  and the same error occurs.

 

Next, I tried to run from command prompt by entering

 

tethereal -o 'mate.config_filename:tcp.mate' -r mylogfile.pcap -z proto,colinfo,'mate.tcp_ses.Duration',mate.tcp.synack

 

However, it returns ---> tethereal: -o flag "'mate.config_filename:e:\tcp.mate'" specifies unknown preferences.

 

Refer to the ethereal's preferences log file, i found the below:

 

# The name of the file containing the mate module's configuration
# A string.
mate.config: e:\tcp.mate

 

Well, changing from  mate.config_filename to mate.config still yield the same error. And ethereal works properly after commenting this line. :|

 

I am rather interested to try out this experimental version, looking forward your reply. :)

 

Regards,

Jocelyn

 

 

 

 

 
LEGO <luis.ontanon@xxxxxxxxx> wrote:

> MATE (http://wiki.ethereal.com/Mate) can help for this.
>
> bellow you'll find a mate config to measure syn-syn/ack.
>
> with:
> tethereal -o 'mate.config_filename: tcp_setup.mate' -r your_file.pcap
> -zproto,colinfo,'mate.tcp_ses.Duration' mate.tcp.synack
>
> you'll get an extra column containing the elapsed time between syn and syn/acks.
>
> Excell (or something similar) can do the rest.
>
> Luis.
>
> # tcp_setup.mate
> # First you need to create a tcp pdu extracting the data you need
> Action="" Name=tcp; Proto=tcp; Transport=ip; addr=ip.addr;
> port=tcp.port; tcp_syn=tcp.flags.syn; tcp_ack=tcp.flags.ack;
>
> # we won't deal with tcp pdus that have no syn
> Action="" For="" tcp_syn=1;
>
> # then we'll "mark" the pdus 
> Action="" Name=syn_synack; tcp_syn=1; tcp_ack=1; .synack;
> # if syn/ack matches MATE will stop so the
>  syn/ack won't be marked as syn
> Action="" Name=syn_synack; tcp_syn=1; .syn;
>
> # we apply the transform
> Action="" For="" Name=syn_synack;
>
> # then we need to group syn and syn/acks
> Action="" Name=tcp_ses; On=tcp_pdu; addr; addr; port; port; 
>
> # then we'll start a group at syn and stop at syn/ack
> Action="" For="" syn;
> Action="" For="" synack;
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com