On Tue, Mar 21, 2006 at 10:44:40AM -0500, Fowler, Steve wrote:
>
> Ideally, what I would like to achieve is a tool which requires you to
> specify the input file and the IP addresses in question and the tool will
> identify all the transfers that occurred within that capture file and
> produce reports on the amount of data transferred in each session.

The key word here is "session", what is your definition of session? I
can imagine you want to aggregate data on the following items:

- ip-address, giving a total amount of packets/octets in/out per address
- tcp-session, giving the same for each tcp-session for each ip-address
- transfers, giving the date/time and totals for each (file)transfer.

The first two are not too hard to do, there are some open-source projects
doing this kind of stuff. Otherwise it is not so hard to script on top
of tethereal. You might also want to check the output-options of the
"conversations" in ethereal, they might help you out straight away.

The 3rd option has been discussed on this list last week or so, it
would require much more intelligence to be able to extract the correct
packets from a trace belonging to a single transfer (whether it would
be SMB, NFS, HTTP, FTP or something completely different).

The question would therefore be, what would you like the output to
look like?

Cheers, Sake
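
A sketch of the first two aggregations mentioned above (totals per IP address and per TCP session), added here as an example and not part of the original message or of ethereal/tethereal. It assumes the capture has already been exported to one tab-separated line per packet (source IP, source port, destination IP, destination port, frame length in octets); that column layout, the sample lines and the function name `aggregate` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: src_ip, src_port, dst_ip, dst_port, octets.
# Ports are empty for non-TCP packets; the last line is deliberately malformed.
SAMPLE = (
    "10.0.0.5\t1025\t10.0.0.9\t445\t1500\n"
    "10.0.0.9\t445\t10.0.0.5\t1025\t60\n"
    "10.0.0.5\t1025\t10.0.0.9\t445\t1500\n"
    "10.0.0.5\t1026\t10.0.0.9\t80\t400\n"
    "10.0.0.9\t80\t10.0.0.5\t1026\t1200\n"
    "10.0.0.9\t\t10.0.0.5\t\t98\n"
    "10.0.0.7\t2000\t10.0.0.8\t21\t90\n"
    "truncated line\n"
)

def aggregate(text, addresses):
    """Return (per_address, per_session) totals for packets touching `addresses`.

    per_address[ip]      = [pkts_out, octets_out, pkts_in, octets_in]
    per_session[(a, b)]  = [pkts a->b, octets a->b, pkts b->a, octets b->a]
    where a and b are (ip, port) endpoints in sorted order, so both
    directions of one TCP connection share a key. A reused 4-tuple is
    counted as one session; telling such connections apart needs SYN/FIN
    tracking, which this sketch does not do.
    """
    per_addr = defaultdict(lambda: [0, 0, 0, 0])
    per_sess = defaultdict(lambda: [0, 0, 0, 0])
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip truncated or malformed lines
        src, sport, dst, dport = parts[:4]
        octets = int(parts[4])
        if src not in addresses and dst not in addresses:
            continue  # packet does not involve an address of interest
        if src in addresses:
            per_addr[src][0] += 1
            per_addr[src][1] += octets
        if dst in addresses:
            per_addr[dst][2] += 1
            per_addr[dst][3] += octets
        if sport.isdigit() and dport.isdigit():  # only packets with ports form a session
            sender = (src, int(sport))
            a, b = sorted([sender, (dst, int(dport))])
            off = 0 if sender == a else 2
            per_sess[(a, b)][off] += 1
            per_sess[(a, b)][off + 1] += octets
    return dict(per_addr), dict(per_sess)
```

Identifying individual file transfers (the third item) is not attempted here; as the message says, that needs protocol-aware logic.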