Ethereal

Re: [Ethereal-users] Calculate Time Difference for each SYN-SYN/ACK pairs
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: May 2005

 

WRONG ADDRESS

On 5/1/05, Lim Boon Ping <syseeker@xxxxxxxxx> wrote:
> Hi Luis,
>  
> Thanks for you reply. :).
>  
> This link
> http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0.10.9-SVN-13430.exe
>  at http://wiki.ethereal.com/Mate_2fGettingStarted seems to
> be broken, I couldnt manage to download. 
>  
> Due to the above obstacle, I downloaded Windows version of
> ethereal-setup-0.10.10.exe.  Unfortunately, ethereal quit immediately i hit
> 'Apply' after setting configuration filename at Preferences->mate. And
> subsequently I am never able to open ethereal. I tried to reinstall
> ethereal,  and the same error occurs. 
>  
> Next, I tried to run from command prompt by entering
>  
> tethereal -o 'mate.config_filename:tcp.mate' -r mylogfile.pcap -z
> proto,colinfo,'mate.tcp_ses.Duration',mate.tcp.synack
>  
> However, it returns ---> tethereal: -o flag
> "'mate.config_filename:e:\tcp.mate'" specifies unknown
> preferences. 
>  
> Refer to the ethereal's preferences log file, i found the below:
>  
> # The name of the file containing the mate module's configuration
> # A string.
> mate.config: e:\tcp.mate
>  
> Well, changing from  mate.config_filename to mate.config still yield the
> same error. And ethereal works properly after commenting this line. :|
>  
> I am rather interested to try out this experimental version, looking forward
> your reply. :)
>  
> Regards,
> Jocelyn
>  
>  
>  
>  
>  
> LEGO <luis.ontanon@xxxxxxxxx> wrote:
> MATE (http://wiki.ethereal.com/Mate) can help for this.
> 
> bellow you'll find a mate config to measure syn-syn/ack.
> 
> with:
> tethereal -o 'mate.config_filename: tcp_setup.mate' -r your_file.pcap
> -zproto,colinfo,'mate.tcp_ses.Duration' mate.tcp.synack
> 
> you'll get an extra column containing the elapsed time between syn and
> syn/acks.
> 
> Excell (or something similar) can do the rest.
> 
> Luis.
> 
> # tcp_setup.mate
> # First you need to create a tcp pdu extracting the data you need
> Action=PduDef; Name=tcp; Proto=tcp; Transport=ip; addr=ip.addr;
> port=tcp.port; tcp_syn=tcp.flags.syn; tcp_ack=tcp.flags.ack;
> 
> # we won't deal with tcp pdus that have no syn
> Action=PduCriteria; For=tcp; tcp_syn=1;
> 
> # then we'll "mark" the pdus 
> Action=Transform; Name=syn_synack; tcp_syn=1; tcp_ack=1; .synack;
> # if syn/ack matches MATE will stop so the syn/ack won't be marked as syn
> Action=Transform; Name=syn_synack; tcp_syn=1; .syn;
> 
> # we apply the transform
> Action=PduTransform; For=tcp; Name=syn_synack;
> 
> # then we need to group syn and syn/acks
> Action=GopDef; Name=tcp_ses; On=tcp_pdu; addr; addr; port; port; 
> 
> # then we'll start a group at syn and stop at syn/ack
> Action=GopStart; For=tcp_ses; syn;
> Action=GopStop; For=tcp_ses; synack;
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
> 
> 
>

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.