Ethereal-users: [Ethereal-users] Re: data vs packet length, and a suggestion to developers
Dear colleagues,
I have resolved one of my problems: exporting the
capture file to Excell. The other problem, which I
haven't mentioned in detail was that I could not run
Ethereal 0.10.6 on Windows ME, so I worked on an XP
(the problem remains, but is already mentoned by other
users).
Just for the reference of those who might need it, I
am going to describe how I calculated the data part of
the complete FTP traffic. One reason why I go into
details is to suggest an improvement to the
developers. Namely, it would be easier if I could use
a more uniform type of column delimiters. Perhaps if
the data in each capture column would end with a sign,
semicolumn ( ; ) for instance, and if the Ethereal
capture itself divided the data into more columns, the
export to Excel business would be easier. For example:
'Destination address' (next column)
'xx-xx-xx-xx-xx-xx' (next column) 'Source Address'
(next column), etc. However, I admit that I am new to
Ethereal. There might exist a more simple way to do
what I have described below.
Sincere thanks to all!
SanjaM
1. Check the validity of the data with Analyze -
Follow TCP Stream; Clear Filter
2. Set filter to 'data', in order to extract the
direction in which data is sent (I am dealing with an
ftp session). Take a look at Summary - Average Packet
Size for the Displayed Packets.
3. Edit - Mark All Packets
4. File - Export - As 'Plain Text' File; Packet Range:
Captured/Marked Pkts Only; Packet Format: Packet
Summary Line only, Export to File: (filename.txt)
5. Excel, Open New, Data - Get External Data - Import
Text File - (...) - Import
6. Text Import Wizard, Step 1 type:Delimited, Step 2
Delimiters: other: L, Step 3 Finish, OK
7. Mark the last column and go to Data - Text to
Columns
8. Convert Text to Column Wizard, Step 1 Delimited,
Step 2 Delimiters: Other: = , Step 3 Finish
Now in the last Excel file column, the data lenghts
are shown. Their average can be substracted from the
Average Packet Size (seen in step 2. above), and the
result is the total length of the headers:
TCP+IP+Ethernet (20+20+14). If it is not, the network
equipment might have been misconfigured.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com