Ethereal-users: Re: [Ethereal-users] tcp concurrent connections extraction
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Wed, 22 Feb 2006 00:59:48 -0500
On 11:23 AM 2/21/2006, Marcus Hager wrote:
>I am searching for a tool which extracts out of a given capture file the number of concurrent tcp connections to a given server ip and tcp port.
>I'd like to see this number of connections over the time, from the start until the end of the capture.
>
>The idea is to reproduce the number of "connected" sockets the target server had during the capture.
>Of course some information from before the start of the capture will be missing, but if the capture is big enough and most connections are short-term (http) this shouldn't matter.
>
>Is it possible to extract this information somehow by using ethereal ? If not, does anyone know a tool which is capable of this ?
>Or wouldn't this be a nice new ethereal statistics feature ? ;-))

I suppose you could do it with Ethereal using various display filters, but it would be much easier to use tcptrace.

www.tcptrace.org

sample report:

32 packets seen, 32 TCP packets traced
elapsed wallclock time: 0:00:00.037948, 843 pkts/sec analyzed
trace file elapsed time: 0:00:00.404427
TCP connection info:
1 TCP connection traced:
TCP connection 1:
        host a:        elephus.cs.ohiou.edu:59518
        host b:        a17-112-152-32.apple.com:http
        complete conn: yes
        first packet:  Thu Jul 10 19:12:54.914101 2003
        last packet:   Thu Jul 10 19:12:55.318528 2003
        elapsed time:  0:00:00.404427
        total packets: 32
        filename:      malus.dmp.gz
   a->b:                                 b->a:
     total packets:            16          total packets:            16
     ack pkts sent:            15          ack pkts sent:            16
     pure acks sent:           13          pure acks sent:            2
     sack pkts sent:            0          sack pkts sent:            0
     dsack pkts sent:           0          dsack pkts sent:           0
     max sack blks/ack:         0          max sack blks/ack:         0
     unique bytes sent:       450          unique bytes sent:     18182
     actual data pkts:          1          actual data pkts:         13
     actual data bytes:       450          actual data bytes:     18182
     rexmt data pkts:           0          rexmt data pkts:           0
     rexmt data bytes:          0          rexmt data bytes:          0
     zwnd probe pkts:           0          zwnd probe pkts:           0
     zwnd probe bytes:          0          zwnd probe bytes:          0
     outoforder pkts:           0          outoforder pkts:           0
     pushed data pkts:          1          pushed data pkts:          1
     SYN/FIN pkts sent:       1/1          SYN/FIN pkts sent:       1/1
     req 1323 ws/ts:          Y/Y          req 1323 ws/ts:          Y/Y
     adv wind scale:            0          adv wind scale:            0
     req sack:                  Y          req sack:                  N
     sacks sent:                0          sacks sent:                0
     urgent data pkts:          0 pkts     urgent data pkts:          0 pkts
     urgent data bytes:         0 bytes    urgent data bytes:         0 bytes
     mss requested:          1460 bytes    mss requested:          1460 bytes
     max segm size:           450 bytes    max segm size:          1448 bytes
     min segm size:           450 bytes    min segm size:           806 bytes
     avg segm size:           449 bytes    avg segm size:          1398 bytes
     max win adv:           40544 bytes    max win adv:           33304 bytes
     min win adv:            5840 bytes    min win adv:           33304 bytes
     zero win adv:              0 times    zero win adv:              0 times
     avg win adv:           23174 bytes    avg win adv:           33304 bytes
     initial window:          450 bytes    initial window:         1448 bytes
     initial window:            1 pkts     initial window:            1 pkts
     ttl stream length:       450 bytes    ttl stream length:     18182 bytes
     missed data:               0 bytes    missed data:               0 bytes
     truncated data:          420 bytes    truncated data:        17792 bytes
     truncated packets:         1 pkts     truncated packets:        13 pkts
     data xmit time:        0.000 secs     data xmit time:        0.149 secs
     idletime max:          103.7 ms       idletime max:           99.9 ms
     throughput:             1113 Bps      throughput:            44957 Bps
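The per-connection `first packet` / `last packet` times in a report like the one above are enough to rebuild the concurrent-connection count the original question asks for. The following Python is an added example, not part of the original post or of tcptrace; the sample report is constructed, and it assumes `host b` is the server side of each connection.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the report quoted above, trimmed to
# the fields the parser reads; hosts and timestamps are made up.
SAMPLE_REPORT = """\
TCP connection 1:
        host b:        server.example:http
        first packet:  Thu Jul 10 19:12:54.000000 2003
        last packet:   Thu Jul 10 19:12:56.000000 2003
TCP connection 2:
        host b:        server.example:http
        first packet:  Thu Jul 10 19:12:55.000000 2003
        last packet:   Thu Jul 10 19:12:57.500000 2003
TCP connection 3:
        host b:        server.example:http
        first packet:  Thu Jul 10 19:12:55.500000 2003
        last packet:   Thu Jul 10 19:12:55.900000 2003
TCP connection 4:
        host b:        other.example:http
        first packet:  Thu Jul 10 19:12:54.000000 2003
        last packet:   Thu Jul 10 19:12:58.000000 2003
"""
FIELD = re.compile(r"^\s*(host b|first packet|last packet):\s+(.*\S)\s*$")
TIME_FMT = "%a %b %d %H:%M:%S.%f %Y"  # English day/month names (C locale)

def parse_connections(report):
    """Return (host_b, first, last) for every 'TCP connection N:' block."""
    conns = []
    for line in report.splitlines():
        if re.match(r"\s*TCP connection \d+:", line):
            conns.append({})
        elif conns and (m := FIELD.match(line)):
            conns[-1][m.group(1)] = m.group(2)
    ts = lambda s: datetime.strptime(s, TIME_FMT)
    return [(c["host b"], ts(c["first packet"]), ts(c["last packet"]))
            for c in conns if len(c) == 3]  # skip blocks missing a field

def concurrency_timeline(conns, server):
    """Sweep open/close events for `server`; return [(time, open_count)]."""
    events = [(t, d) for hb, first, last in conns if hb == server
              for t, d in ((first, 1), (last, -1))]
    # Opens sort before closes at equal timestamps, so the count never dips
    # below zero for a connection whose first and last packet coincide.
    events.sort(key=lambda e: (e[0], -e[1]))
    timeline, open_now = [], 0
    for t, d in events:
        open_now += d
        timeline.append((t, open_now))
    return timeline
```

As the original question notes, connections already open before the capture started are undercounted; a connection is treated as open from its first to its last captured packet.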