Ethereal-users: RE: [Ethereal-users] Is ethereal the right software for me?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Niklas Abrahamsson (KI/EAB)" <niklas.abrahamsson@xxxxxxxxxxxx>
Date: Wed, 12 Oct 2005 16:14:32 +0200
Alright,

So I've spent the whole day looking into the usage of tethereal for getting statistics out of tcpdumps. Am I on the wrong track here with trying to use tethereal for this? I can't seem to find any good way to do what I want.

I thought that it would be good to use tethereal since it seems to give so much filtering control. For example, if I wanted to get the usage statistics for port number usage. I thought that maybe I could use the tethereal syntax to simply get it to go through a dump-file and add up all the different ports used and then print them to a file. Or maybe even use tethereal to add up all unique ports used so that I could generate some kind of statistical graphs in another program over the spread of usage.

Am I on the wrong track here?

Thankful for any input.

Nicklas

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Niklas
Abrahamsson (KI/EAB)
Sent: den 12 oktober 2005 10:16
To: Ethereal user support
Subject: RE: [Ethereal-users] Is ethereal the right software for me?


Whoops,

Pressed the wrong button and sent the mail unfinished.

What I was intending to write was that I thought that:

-r 1.dump -z io,stat,100,AVG(frame.pkt_len)frame.pkt_len

would get me the average packet size of all the packets in the dump. But it doesn't. It just gives the same result as

-r 1.dump -z io,stat,100

and only gives an output of number of frames and total bytes.

Anyone know what I'm doing wrong here? And yes, I am really new to this kind of work.

Thanks,

Nicklas

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Ulf Lamping
Sent: den 10 oktober 2005 14:47
To: ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] Is ethereal the right software for me?




Ethereal user support <ethereal-users@xxxxxxxxxxxx> wrote on 10.10.05 14:05:35:
> 
> Does anyone know of a good tethereal guide somewhere? I'm sitting with the manual for it now and it is somewhat confusing at times. Not really sure what kind of statistics I will be able to get out of the dumps with tethereal. Oh and another question not regarding the usage of ethereal but maybe anyone of you know anyway. I was looking to split some of the tcpdump-files I have so that I could open them in ethereal (the computer can't handle the large files as they are now). I tried using tcpslice but whatever timestamp range I use I only get a 24k file without any valid information. It's either that or getting a copy of the dumpfile if I specify a timestamp range outside the stamps of the file. Anyone know what the problem could be?
> 

There's no real tethereal-specific guide (except for the man page). May I suggest that you use Ethereal to get yourself comfortable with the various statistics as the "visual approach" might be a lot faster and the stats should be equal for Ethereal and Tethereal. You can later use Tethereal for "production purpose".

There should be statistics documentation at: http://wiki.ethereal.com/Statistics but the various Statistics developers don't tend to document their work :-(


I think editcap can split capture files, but I didn't do that myself ...

Regards, ULFL

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
