Wireshark · Wireshark-users: Re: [Wireshark-users] match packets at sender and receiver

Wireshark-users: Re: [Wireshark-users] match packets at sender and receiver

From: Andrej van der Zee <andrejvanderzee@xxxxxxxxx>

Date: Wed, 7 Apr 2010 11:16:35 +0900

Hi,

Thanks for your email.

> Maybe you want to share with us why you want to do this. What is your
> goal? Checking network performance?
>

My company does performance analysis of web applications for its
clients. I am asked to analyze tcpdumps. For now, two immediate goals
with respect two packet matching on both sides of the conversation,
are:

* Find time differences between servers, possibly per second to detect
possible clock skews,
* De-duplicate packages on both end of the connection. This can be
done with tools such as "editcap" of course, but becomes very tedious
and error-prone when working with multiple cap-files.

I will have to process multiple cap-files from all servers. I know the
IP numbers,  but I can make no assumptions on how tcpdump is started
by our clients. From the cap-files, we want to visualize communication
of between all IPs: which IP is talking to who, packet count,
protocols, number of bytes, etc. That, and more. If something like
this already exists, I would love to hear from you!

Best regards,
Andrej

Follow-Ups:
- Re: [Wireshark-users] match packets at sender and receiver
  - From: Kevin Cullimore

References:
- [Wireshark-users] match packets at sender and receiver
  - From: Andrej van der Zee
- Re: [Wireshark-users] match packets at sender and receiver
  - From: Boonie

Prev by Date: Re: [Wireshark-users] match packets at sender and receiver
Next by Date: Re: [Wireshark-users] New MAC user, No Capture Interfaces
Previous by thread: Re: [Wireshark-users] match packets at sender and receiver
Next by thread: Re: [Wireshark-users] match packets at sender and receiver
Index(es):
- Date
- Thread