On Wed, May 30, 2001 at 12:58:29PM -0400, kai-ethereal-trap@xxxxxxxx wrote:
> I've missed this for some time: is there a way to get relative,
> rather than (bulky, virtually unreadable by a human) absolute
> TCP sequence numbers in dumps from (t)ethereal? (in particular
> tethereal, as screen space is always at a premium with vt100
> terms). tcpdump does this by default,
If you have captured a trace with ethereal and, in addition to this, you want
to see an overview with relative TCP sequence numbers, I found the following
'workaround':
Store the trace to disk as ethereal standard file type
'libpcap (tcpdump,ethereal, etc.)' and open it with tcpdump (or windump as well).
The command line
tcpdump -r "your-ethereal-cap-filename" -l > "your-text-filename"
generates a readable ASCII file, such as:
14:36:02.162870 172.27.192.129.3415 > 192.64.38.100.5010: S 307805697:307805697(0) win 11468 <mss 1460>
14:36:04.830145 192.64.38.100.5010 > 172.27.192.129.3415: S 52902:52902(0) ack 307805698 win 8760 <mss 1460> (DF)
14:36:04.834671 172.27.192.129.3415 > 192.64.38.100.5010: . ack 1 win 11468
14:36:04.840237 172.27.192.129.3415 > 192.64.38.100.5010: P 1:73(72) ack 1 win 11468
14:36:06.353583 192.64.38.100.5010 > 172.27.192.129.3415: P 1:166(165) ack 73 win 8688 (DF)
14:36:06.360943 172.27.192.129.3415 > 192.64.38.100.5010: P 73:145(72) ack 166 win 11468
14:36:07.979423 192.64.38.100.5010 > 172.27.192.129.3415: . ack 145 win 8616 (DF)
14:36:07.983412 172.27.192.129.3415 > 192.64.38.100.5010: P 145:444(299) ack 166 win 11468
....
greetings
Thomas Kornmueller
Aral Aktiengesellschaft & Co. KG