I just checked in some updates to tethereal io-stat calculations.
Tethereal can now, in addition ot frames/bytes counts, also calculate
COUNT,SUM,MIN,MAX,AVG
for several types of fields.
Please see manual page for tethereal.
Example:
tethereal ... -z
"io,stat,0.100,ip.addr==1.1.1.1&&smb.time,MIN(smb.time)ip.addr==1.1.1.1&&smb
.time,MAX(smb.time)ip.addr==1.1.1.1&&smb.time,AVG(smb.time)ip.addr==1.1.1.1&
&smb.time"
This will calculate statistics in 100ms intervals for all smb responses
to/from the host at 1.1.1.1.
(only response packets have the smb.time field)
The output will be presented in 4 columns:
Column1: number of frames/bytes for all such response packets.
Column2: MINimum response time seen in the interval
Column3: MAXimum response time seen in the interval.
Column4: AVeraGe response time seen in the interval.
The output should be simple to convert with some sed magic into something
excel or any other
application capable of producing graphs can import.
Note that the example above is simplified and may not be useful in real
world since some SMB commands will normally have very long response times
(i.e. NOTIFY which normally can take minutes/hours to complete) which will
poison the data. It may be nessecary to enhance the filter to remove the
influence
from those calls.
Other interesting protocols to plot the response time for like this is
probably nfs (rpc.time) and dcerpc.time.
Any other sniffer capable of plotting min/max/average response time from a
specific client over time?
have fun.
ronnie sahlberg
