Wireshark-users: Re: [Wireshark-users] match packets at sender and receiver
From: Kevin Cullimore <kcullimo@xxxxxxxxxx>
Date: Wed, 07 Apr 2010 17:12:53 -0400
Apologies for top-posting.
Do keep in mind the following: the protocols in play were designed to effectively pass data, not necessarily optimize analysis. CACE Technologies created Pilot specifically to facilitate such analysis. Beyond obviously, not freeware.

Disclaimer: I'm a paying customer.

On 4/6/2010 10:16 PM, Andrej van der Zee wrote:
Hi,

Thanks for your email.

Maybe you want to share with us why you want to do this. What is your
goal? Checking network performance?

My company does performance analysis of web applications for its
clients. I am asked to analyze tcpdumps. For now, two immediate goals
with respect to packet matching on both sides of the conversation
are:

* Find time differences between servers, possibly per second to detect
possible clock skews,
* De-duplicate packages on both ends of the connection. This can be
done with tools such as "editcap" of course, but becomes very tedious
and error-prone when working with multiple cap-files.

I will have to process multiple cap-files from all servers. I know the
IP numbers, but I can make no assumptions on how tcpdump is started
by our clients. From the cap-files, we want to visualize communication
between all IPs: which IP is talking to who, packet count,
protocols, number of bytes, etc. That, and more. If something like
this already exists, I would love to hear from you!

Best regards,
Andrej