Of course, it is actually even more useful for tethereal users since it can be scripted.

    tethereal -n -r foo.cap.gz -z rpc,rtt,100003,3

Creates a text table after all other output, similar to the png from ethereal. What the magic numbers 100003 and 3 refer to I leave as an exercise for the reader.

or

    tethereal -n -r foo.cap.gz -z rpc,rtt,100003,3,nfs.fh.hash==0x12345678

(for stats for a specific file; when filtering for nfs.fh.hash, don't forget to enable the nfs.fhandle_find_... option)

For tethereal power users: This uses magic to create one RPC RTT stat for each and every NFS file that exists in the capture:

    tethereal -V -n -r foo.cap.gz | grep hash | sed -e "s/.*hash: //" | sort | uniq | while read HASH; do
        tethereal -n -r foo.cap.gz -o "nfs.fhandle_find_both_reqrep:TRUE" -z "rpc,rtt,100003,3,nfs.fh.hash==$HASH" | tail -27
    done

This first scans the capture to find all filehandle hashes, then for each hash it calls tethereal again to generate RTT stats for that particular file. tethereal is called once for each hash. Performance can be improved if it is rewritten to only call tethereal once here but with multiple -z commands, one -z for each hash.

This is quite powerful and something I don't think any other tool can do.

If you are getting ideas about DCE-RPC stats like this: probably very easy to implement, but first DCERPC must be enhanced to calculate and display the RTT as ONC-RPC does. This is trivial and probably consists of like 10-15 lines basically copied from packet-rpc.c

We could start generating stats for any interesting protocol this way. I started with ONCRPC since it was easiest and it would automagically cover some 20-25 interesting higher protocols. DCERPC would definitely be good to have. Then specific ones such as DNS, SMB, ARP, ICMP-echo, ...

----- Original Message -----
From: "Jaime Fournier"

> Looks very interesting.
> Any way to generate this stuff from tethereal?
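
The single-invocation variant suggested in the message above (one tethereal run carrying one -z per filehandle hash), written out as an added example that is not part of the original message or of the Ethereal sources. The function names are hypothetical, and the `hash: 0x...` line format is an assumption taken from the sed pattern in the message; only well-formed hex values are accepted because each one is pasted into a filter string.

```shell
#!/bin/sh
# Added example: one tethereal run with one -z per filehandle hash.
# Function names are hypothetical; the "hash: 0x..." line format is assumed
# from the sed pattern used in the message.

# Read `tethereal -V` text on stdin, print each distinct hash once.
# Only well-formed hex values pass, since they are later pasted into a filter.
extract_hashes() {
    sed -n 's/.*hash: \(0x[0-9a-fA-F][0-9a-fA-F]*\).*/\1/p' | sort -u
}

# Read hashes on stdin, print the matching -z option values, one per line.
z_filters() {
    while read -r HASH; do
        printf 'rpc,rtt,100003,3,nfs.fh.hash==%s\n' "$HASH"
    done
}

# Scan the capture once for hashes, then call tethereal a single time.
rtt_per_file() {
    cap=$1
    filters=$(tethereal -V -n -r "$cap" | extract_hashes | z_filters)
    set -- -n -r "$cap" -o "nfs.fhandle_find_both_reqrep:TRUE"
    for f in $filters; do
        set -- "$@" -z "$f"
    done
    tethereal "$@"
}

# Constructed sample of verbose output, for trying the helpers without a capture.
sample_verbose() {
    printf '%s\n' \
        '        hash: 0x12345678' \
        '        hash: 0xdeadbeef' \
        '    Program Version: 3' \
        '        hash: 0x12345678'
}
```

Call it as `rtt_per_file foo.cap.gz`; the capture is read twice in total (one scan, one stats run) instead of once per hash.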
