Re: [Wireshark-users] match packets at sender and receiver

From: Kevin Cullimore <kcullimo_at_nospam>
Date: Wed Apr 07 2010 - 21:12:53 GMT
To: wireshark-users@wireshark.org

Apologies for top-posting.
do keep in mind the following: the protocols in play were designed to
effectively pass data, not necessarily optimize analysis.
Cace technologies created pilot specifically to facilitate such
analysis. Beyond obviously, not freeware.

Disclaimer: I'm a paying customer.

On 4/6/2010 10:16 PM, Andrej van der Zee wrote:
> Hi,
>
> Thanks for your email.
>
>
>> Maybe you want to share with us why you want to do this. What is your
>> goal? Checking network performance?
>>
>>
> My company does performance analysis of web applications for its
> clients. I am asked to analyze tcpdumps. For now, two immediate goals
> with respect two packet matching on both sides of the conversation,
> are:
>
> * Find time differences between servers, possibly per second to detect
> possible clock skews,
> * De-duplicate packages on both end of the connection. This can be
> done with tools such as "editcap" of course, but becomes very tedious
> and error-prone when working with multiple cap-files.
>
> I will have to process multiple cap-files from all servers. I know the
> IP numbers, but I can make no assumptions on how tcpdump is started
> by our clients. From the cap-files, we want to visualize communication
> of between all IPs: which IP is talking to who, packet count,
> protocols, number of bytes, etc. That, and more. If something like
> this already exists, I would love to hear from you!
>
> Best regards,
> Andrej
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list<wireshark-users@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@wireshark.org?subject=unsubscribe
>
>
>

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe

This message: [ Message body ]
Next message: Kevin Cullimore: "Re: [Wireshark-users] RTP v/s UDP"
Previous message: Kevin Cullimore: "Re: [Wireshark-users] Slowdown after mounting DFS network drives"
In reply to: Andrej van der Zee: "Re: [Wireshark-users] match packets at sender and receiver"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]