See the man page for tethereal.
Try
tethereal -r capture_file.cap -R "not frame" -z conv,tcp
for statistics on the number of packets in each direction for each TCP socket pair.
Try -z with no extra parameter for a list of available stat types.
Try -z conv, for a help screen showing which conversation statistics
are available.
On 10/19/05, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
> To suppress the output of the packet summary lines to the output you
> can use the -q parameter.
> Older versions of tethereal I believe had issues with -q and it did not
> work properly.
>
> I usually use -R "not frame" instead of -q as a habit instead.
>
> Either of these two options will make tethereal only print the (if any)
> -z statistics once it has reached the end of the capture file.
>
>
> Most of the statistics in ethereal have a counterpart in tethereal
> using the -z parameter.
>
> The difference between ethereal and tethereal is that the first
> requires interaction while the second often can be used successfully
> in scripts and batch jobs.
>
>
>
> On 10/19/05, Niklas Abrahamsson (KI/EAB)
> <niklas.abrahamsson@xxxxxxxxxxxx> wrote:
> > Hi,
> >
> > I've posted before about using tethereal for some analysis based on
> > tcpdump-files from a network. While playing around with ethereal and
> > tethereal I realised that I don't know what the difference between the two
> > programs is or if there even is one? That was just something I took for
> > granted that there was no difference.
> >
> > I've been trying to do something very simple to start with in tethereal and
> > that is to get the average packet size from a dump and save the results to a
> > file. However what I get is basically a copy of the dump-file since tethereal
> > prints the packets to the file and not the result of the statistic query. How
> > would I do to only get the statistics written?
> >
> > The next step I wanted to go exploring is to get an output of the usage of
> > different ports by the captured packets. I guess just to count the number of
> > times all ports are used and save the results to a file. Is this possible?
> >
> > Thanks in advance,
> >
> > Nicklas
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
>
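An added example, not part of the original thread: one way to turn the `-z conv,tcp` table discussed above into a per-port frame count and an average packet size that can be saved to a file. The column layout of the table and the sample rows are assumptions constructed for illustration; `port_usage`, `avg_packet_size` and `sample_conv_output` are hypothetical helper names.

```shell
#!/bin/sh
# Assumed row layout of the conv,tcp table (constructed, not captured output):
#   addrA:portA <-> addrB:portB  <-frames <-bytes  ->frames ->bytes  tot_frames tot_bytes
# Intended use with the flags from the thread:
#   tethereal -r capture_file.cap -q -z conv,tcp | port_usage > ports.txt

# Constructed sample standing in for real tethereal output.
sample_conv_output() {
cat <<'EOF'
================================================================================
TCP Conversations
Filter:<No Filter>
                                 |       <-      | |       ->      | |     Total     |
                                 | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
10.0.0.5:40112 <-> 10.0.0.9:80        12    9000      10     800      22    9800
10.0.0.5:40113 <-> 10.0.0.9:80         4    3000       4     400       8    3400
10.0.0.7:51522 <-> 10.0.0.9:22        30    4200      30    4000      60    8200
================================================================================
EOF
}

# Read the table on stdin; print "port total_frames", busiest port first.
port_usage() {
    awk '$2 == "<->" && NF >= 9 {
        # The port is the text after the last colon of each endpoint.
        pa = $1; sub(/.*:/, "", pa)
        pb = $3; sub(/.*:/, "", pb)
        frames[pa] += $8
        if (pb != pa) frames[pb] += $8   # do not double count same-port pairs
    }
    END { for (p in frames) printf "%s %d\n", p, frames[p] }' |
    sort -k2,2nr -k1,1n
}

# Read the table on stdin; print mean bytes per frame over all TCP conversations.
avg_packet_size() {
    awk '$2 == "<->" && NF >= 9 { tf += $8; tb += $9 }
    END { if (tf > 0) printf "%.1f\n", tb / tf }'
}
```

Only frames that belong to a TCP conversation are counted, so the average is over TCP traffic in the capture rather than every packet.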