Ethereal-users: Re: [Ethereal-users] how to get total time of a connections?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: George Nychis <gnychis@xxxxxxx>
Date: Sun, 02 Apr 2006 12:29:53 -0400
Anyone else try this script in Linux?  I don't think it would make any
differences since both tools are standard across both.. but i'm not
getting any flow information printed out, only standard tethereal output:

235879 171898.784066 192.168.1.112 -> 207.46.20.60 TCP 33925 > 80 [ACK]
Seq=189 Ack=961 Win=7760 Len=0 TSV=294276414 TSER=121110989

George Nychis wrote:
> Thank you very much!  I am going to try and run it in linux and will let
> you know how it goes.  I greatly appreciate your help, I will let you
> know if I make any changes to it.
> 
> - George
> 
> 
> Sake Blok wrote:
>> George,
>>
>> Here is the script, I added a little copyright notice (taken and
>> modified from yet another script lol). If you make some nice additions
>> to the script, I would love to hear about it. Please take into account
>> that this script was written under cygwin and that I included some extra
>> fields in the ethereal columns, see the comment in the script about my
>> column-settings :)
>>
>> I hope it helps you out...
>>
>>
>> Cheers,   Sake
>>
>> ----- Original Message ----- From: "George P Nychis" <gnychis@xxxxxxx>
>> To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
>> Sent: Sunday, April 02, 2006 7:47 AM
>> Subject: Re: [Ethereal-users] how to get total time of a connections?
>>
>>
>>> I would be unbelievably greatful for your script... it would help me
>>> very much :)
>>>
>>> - George
>>>
>>>
>>>> On Sat, Apr 01, 2006 at 03:27:10PM -0500, George Nychis wrote:
>>>>> I do mean TCP Connections.
>>>>>
>>>>> I was hoping tethereal could do this because i've already written some
>>>>> scripts to parse my log files that I could substitute new tethereal
>>>>> commands and filters into.
>>>>>
>>>>> But if all else fails I can definitely try this out!
>>>> George,
>>>>
>>>> I have written a (perl)script a while back that parses ethereal
>>>> output and
>>>> produces the following output about tcp-streams:
>>>>
>>>> $ flows.pl trace.cap
>>>> 0,1.1.1.1:1190->2.2.2.2:443,0.000000,63.708205,8,9,844,1745,SsA+a-+-+a-A-
>>>>
>>>> ffAR
>>>> 1,1.1.1.1:1190->2.2.2.2:81,0.035901,63.682639,7,6,517,474,SsA+a-A-AfAFa
>>>> 2,1.1.1.1:1191->2.2.2.2:443,292.293840,2.64925600000004,19,21,4827,16450,
>>>>
>>>> SsA+a-+a+---A-A+-+-----AAA+-+a----AAA+Rr
>>>> 3,1.1.1.1:1191->2.2.2.2:81,292.329186,2.61231500000002,20,20,3774,16199,S
>>>>
>>>> sA+a-A--A-AA+a-A+--A--A-A+-A+--A--AFafA
>>>> 4,1.1.1.1:1192->2.2.2.2:443,294.566017,0.118852000000004,4,3,102,146,SsA+
>>>>
>>>> a-R
>>>> 5,1.1.1.1:1192->2.2.2.2:81,294.600691,0.0852050000000304,4,3,0,0,SsAFafA
>>>> 6,1.1.1.1:1193->2.2.2.2:443,294.727954,0.207250999999985,6,5,1032,1466,Ss
>>>>
>>>> A+a-+-+-R
>>>> 7,1.1.1.1:1193->2.2.2.2:81,294.763050,0.175164999999993,6,5,729,241,SsA+a
>>>>
>>>> -AFafA
>>>> 8,1.1.1.1:1194->2.2.2.2:443,294.939192,47.239815,16,17,5507,7489,SsA+a-+a
>>>>
>>>> +-+-+-----AAA+-+-+-+-A-fA
>>>> 9,1.1.1.1:1194->2.2.2.2:81,294.973244,47.165423,19,15,5191,7173,SsA+a-A+a
>>>>
>>>> -A+--A--A-A+-A+-A+-A+-AfA
>>>> 10,1.1.1.1:1195->2.2.2.2:443,297.199711,44.982584,11,11,4045,899,SsA+a-+a
>>>>
>>>> +-+-+-+-+-A-fA
>>>>
>>>> tcp-session-number src-ip:port->dst-ip:port start-time (relative to
>>>> trace)
>>>> duration packets in packets out bytes in bytes out overview of syn,
>>>> ack, data,
>>>> fin etc...
>>>>
>>>> Does this come close to what you need?
>>>>
>>>>
>>>> Cheers,   Sake _______________________________________________
>>>> Ethereal-users mailing list Ethereal-users@xxxxxxxxxxxx
>>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>>
>>>>
>>>
>>> -- 
>>>
>>> _______________________________________________
>>> Ethereal-users mailing list
>>> Ethereal-users@xxxxxxxxxxxx
>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>
>>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Ethereal-users mailing list
>> Ethereal-users@xxxxxxxxxxxx
>> http://www.ethereal.com/mailman/listinfo/ethereal-users
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>