On Sat, Apr 01, 2006 at 03:27:10PM -0500, George Nychis wrote:
>
> I do mean TCP Connections.
>
> I was hoping tethereal could do this because I've already written some
> scripts to parse my log files that I could substitute new tethereal
> commands and filters into.
>
> But if all else fails I can definitely try this out!

George,

I have written a (Perl) script a while back that parses ethereal output
and produces the following output about tcp-streams:

$ flows.pl trace.cap
0,1.1.1.1:1190->2.2.2.2:443,0.000000,63.708205,8,9,844,1745,SsA+a-+-+a-A-ffAR
1,1.1.1.1:1190->2.2.2.2:81,0.035901,63.682639,7,6,517,474,SsA+a-A-AfAFa
2,1.1.1.1:1191->2.2.2.2:443,292.293840,2.64925600000004,19,21,4827,16450,SsA+a-+a+---A-A+-+-----AAA+-+a----AAA+Rr
3,1.1.1.1:1191->2.2.2.2:81,292.329186,2.61231500000002,20,20,3774,16199,SsA+a-A--A-AA+a-A+--A--A-A+-A+--A--AFafA
4,1.1.1.1:1192->2.2.2.2:443,294.566017,0.118852000000004,4,3,102,146,SsA+a-R
5,1.1.1.1:1192->2.2.2.2:81,294.600691,0.0852050000000304,4,3,0,0,SsAFafA
6,1.1.1.1:1193->2.2.2.2:443,294.727954,0.207250999999985,6,5,1032,1466,SsA+a-+-+-R
7,1.1.1.1:1193->2.2.2.2:81,294.763050,0.175164999999993,6,5,729,241,SsA+a-AFafA
8,1.1.1.1:1194->2.2.2.2:443,294.939192,47.239815,16,17,5507,7489,SsA+a-+a+-+-+-----AAA+-+-+-+-A-fA
9,1.1.1.1:1194->2.2.2.2:81,294.973244,47.165423,19,15,5191,7173,SsA+a-A+a-A+--A--A-A+-A+-A+-A+-AfA
10,1.1.1.1:1195->2.2.2.2:443,297.199711,44.982584,11,11,4045,899,SsA+a-+a+-+-+-+-+-A-fA

The fields are:

  tcp-session-number
  src-ip:port->dst-ip:port
  start-time (relative to trace)
  duration
  packets in
  packets out
  bytes in
  bytes out
  overview of syn, ack, data, fin etc...

Does this come close to what you need?

Cheers,
   Sake