Ethereal-users: Re: [Ethereal-users] Calculate Time Difference for each SYN-SYN/ACK pairs
WRONG ADDRESS
On 5/1/05, Lim Boon Ping <syseeker@xxxxxxxxx> wrote:
> Hi Luis,
>
> Thanks for your reply. :)
>
> This link
> http://www.ethereal.com/distribution/buildbot-builds/ethereal-setup-0.10.9-SVN-13430.exe
> at http://wiki.ethereal.com/Mate_2fGettingStarted seems to
> be broken, I couldn't manage to download.
>
> Due to the above obstacle, I downloaded Windows version of
> ethereal-setup-0.10.10.exe. Unfortunately, ethereal quit immediately I hit
> 'Apply' after setting configuration filename at Preferences->mate. And
> subsequently I am never able to open ethereal. I tried to reinstall
> ethereal, and the same error occurs.
>
> Next, I tried to run from command prompt by entering
>
> tethereal -o 'mate.config_filename:tcp.mate' -r mylogfile.pcap -z
> proto,colinfo,'mate.tcp_ses.Duration',mate.tcp.synack
>
> However, it returns ---> tethereal: -o flag
> "'mate.config_filename:e:\tcp.mate'" specifies unknown
> preferences.
>
> Refer to the ethereal's preferences log file, I found the below:
>
> # The name of the file containing the mate module's configuration
> # A string.
> mate.config: e:\tcp.mate
>
> Well, changing from mate.config_filename to mate.config still yields the
> same error. And ethereal works properly after commenting this line. :|
>
> I am rather interested to try out this experimental version, looking forward
> to your reply. :)
>
> Regards,
> Jocelyn
>
> LEGO <luis.ontanon@xxxxxxxxx> wrote:
> MATE (http://wiki.ethereal.com/Mate) can help for this.
>
> below you'll find a mate config to measure syn-syn/ack.
>
> with:
> tethereal -o 'mate.config_filename: tcp_setup.mate' -r your_file.pcap
> -zproto,colinfo,'mate.tcp_ses.Duration' mate.tcp.synack
>
> you'll get an extra column containing the elapsed time between syn and
> syn/acks.
>
> Excel (or something similar) can do the rest.
>
> Luis.
>
> # tcp_setup.mate
> # First you need to create a tcp pdu extracting the data you need
> Action=PduDef; Name=tcp; Proto=tcp; Transport=ip; addr=ip.addr;
> port=tcp.port; tcp_syn=tcp.flags.syn; tcp_ack=tcp.flags.ack;
>
> # we won't deal with tcp pdus that have no syn
> Action=PduCriteria; For=tcp; tcp_syn=1;
>
> # then we'll "mark" the pdus
> Action=Transform; Name=syn_synack; tcp_syn=1; tcp_ack=1; .synack;
> # if syn/ack matches MATE will stop so the syn/ack won't be marked as syn
> Action=Transform; Name=syn_synack; tcp_syn=1; .syn;
>
> # we apply the transform
> Action=PduTransform; For=tcp; Name=syn_synack;
>
> # then we need to group syn and syn/acks
> Action=GopDef; Name=tcp_ses; On=tcp_pdu; addr; addr; port; port;
>
> # then we'll start a group at syn and stop at syn/ack
> Action=GopStart; For=tcp_ses; syn;
> Action=GopStop; For=tcp_ses; synack;
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
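The SYN to SYN/ACK pairing that the quoted MATE configuration describes, written out as a stand-alone script. This is an added example, not part of the original thread and not MATE's own code; the `Pkt` record, the function names and the sample packets are constructed for illustration, and timing from the first SYN when a SYN is retransmitted is a choice made here.

```python
from collections import namedtuple

# Hypothetical packet record: timestamp, endpoints, and the two TCP flags used.
Pkt = namedtuple("Pkt", "ts src sport dst dport syn ack")

# Constructed sample packets (not taken from a real capture).
SAMPLE = [
    Pkt(0.000, "10.0.0.1", 40000, "10.0.0.2", 80, 1, 0),  # SYN
    Pkt(0.030, "10.0.0.2", 80, "10.0.0.1", 40000, 1, 1),  # SYN/ACK
    Pkt(0.031, "10.0.0.1", 40000, "10.0.0.2", 80, 0, 1),  # plain ACK, ignored
    Pkt(1.000, "10.0.0.1", 40001, "10.0.0.2", 81, 1, 0),  # SYN, no reply
    Pkt(4.000, "10.0.0.1", 40001, "10.0.0.2", 81, 1, 0),  # retransmitted SYN
    Pkt(4.250, "10.0.0.2", 81, "10.0.0.1", 40001, 1, 1),  # SYN/ACK
    Pkt(5.000, "10.0.0.1", 40002, "10.0.0.2", 82, 1, 0),  # SYN, never answered
]


def session_key(p):
    # Direction-independent key so a SYN and its SYN/ACK land in one group.
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


def syn_synack_durations(packets):
    """Return (durations, unanswered).

    durations  -- list of (session_key, seconds from first SYN to SYN/ACK)
    unanswered -- sorted session keys that saw a SYN but no SYN/ACK
    """
    open_syn = {}   # key -> (timestamp of first SYN, endpoint that sent it)
    durations = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if not p.syn:                 # keep only segments with SYN set
            continue
        key = session_key(p)
        if p.ack:                     # SYN/ACK closes the group
            start = open_syn.get(key)
            # Accept it only if it is addressed to the endpoint that sent the SYN.
            if start and start[1] == (p.dst, p.dport):
                durations.append((key, round(p.ts - start[0], 6)))
                del open_syn[key]
        else:                         # SYN opens the group; keep the first one
            open_syn.setdefault(key, (p.ts, (p.src, p.sport)))
    return durations, sorted(open_syn)


if __name__ == "__main__":
    done, pending = syn_synack_durations(SAMPLE)
    for key, secs in done:
        print(key, secs)
    print("unanswered:", pending)
```
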