I would be unbelievably greatful for your script... it would help me very much :)
- George
> On Sat, Apr 01, 2006 at 03:27:10PM -0500, George Nychis wrote:
>>
>> I do mean TCP Connections.
>>
>> I was hoping tethereal could do this because i've already written some
>> scripts to parse my log files that I could substitute new tethereal
>> commands and filters into.
>>
>> But if all else fails I can definitely try this out!
>
> George,
>
> I have written a (perl)script a while back that parses ethereal output and
> produces the following output about tcp-streams:
>
> $ flows.pl trace.cap
> 0,1.1.1.1:1190->2.2.2.2:443,0.000000,63.708205,8,9,844,1745,SsA+a-+-+a-A-
> ffAR
> 1,1.1.1.1:1190->2.2.2.2:81,0.035901,63.682639,7,6,517,474,SsA+a-A-AfAFa
> 2,1.1.1.1:1191->2.2.2.2:443,292.293840,2.64925600000004,19,21,4827,16450,
> SsA+a-+a+---A-A+-+-----AAA+-+a----AAA+Rr
> 3,1.1.1.1:1191->2.2.2.2:81,292.329186,2.61231500000002,20,20,3774,16199,S
> sA+a-A--A-AA+a-A+--A--A-A+-A+--A--AFafA
> 4,1.1.1.1:1192->2.2.2.2:443,294.566017,0.118852000000004,4,3,102,146,SsA+
> a-R
> 5,1.1.1.1:1192->2.2.2.2:81,294.600691,0.0852050000000304,4,3,0,0,SsAFafA
> 6,1.1.1.1:1193->2.2.2.2:443,294.727954,0.207250999999985,6,5,1032,1466,Ss
> A+a-+-+-R
> 7,1.1.1.1:1193->2.2.2.2:81,294.763050,0.175164999999993,6,5,729,241,SsA+a
> -AFafA
> 8,1.1.1.1:1194->2.2.2.2:443,294.939192,47.239815,16,17,5507,7489,SsA+a-+a
> +-+-+-----AAA+-+-+-+-A-fA
> 9,1.1.1.1:1194->2.2.2.2:81,294.973244,47.165423,19,15,5191,7173,SsA+a-A+a
> -A+--A--A-A+-A+-A+-A+-AfA
> 10,1.1.1.1:1195->2.2.2.2:443,297.199711,44.982584,11,11,4045,899,SsA+a-+a
> +-+-+-+-+-A-fA
>
> tcp-session-number src-ip:port->dst-ip:port start-time (relative to trace)
> duration packets in packets out bytes in bytes out overview of syn, ack, data,
> fin etc...
>
> Does this come close to what you need?
>
>
> Cheers, Sake _______________________________________________
> Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
--