Hello,
Currently I'm using the following command to extract
information on TCP conversations from a dump file:
`tethereal -z conv,tcp -r file.log eth.src ne eth.src`
I was wondering if it's also possible to get the
conversation start and end time? My current solution to
this is running tethereal a second time to find the first packet
and last packet on each conversation using a small AWK script.
However this is inefficient since it requires a pass for each
conversation.
Also, I'm using "eth.src ne eth.src" as an "always false"
filter so I don't get the packets' one-line summaries. Any better ways
of doing this?
Thanks,
ppl
P.S. The command run for each conversation looks like this:
tethereal -r file.log \(ip.addr eq $IP1 and ip.addr eq $IP2\) and \
    \(tcp.port eq $PORT1 and tcp.port eq $PORT2\) \
    | awk 'NR == 1 { min = $1 } { max = $1 } END { printf "%s %s", min, max }'
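The single-pass version of what the post describes, as an added example that is not part of the original post and not tethereal's own output format: one awk run over a per-packet listing computes the start time, end time, duration and packet count of every TCP conversation, keyed by a direction-independent endpoint pair, so no second pass per conversation is needed. The input format "<rel_time> <src> <sport> <dst> <dport>" is an assumption; the tethereal column override shown in the comment is the assumed way to produce it, and the sample lines are constructed, not taken from a real capture.

```shell
#!/bin/sh
# One-pass start/end time per TCP conversation (added example, not from the
# original post). Input lines: "<rel_time> <src> <sport> <dst> <dport>".
# ASSUMED way to get that format out of tethereal (column override, unresolved
# addresses and ports, TCP packets only):
#
#   tethereal -r file.log \
#       -o 'column.format:"Time","%t","Src","%us","SPort","%uS","Dst","%ud","DPort","%uD"' \
#       tcp | conv_times
#
# Packets are expected in capture order, so the relative-time column is
# non-decreasing: the first packet seen for a key is the conversation start,
# the last packet seen is its end.

conv_times() {
    awk '
    NF < 5 { next }                         # skip headers and blank lines
    {
        a = $2 ":" $3; b = $4 ":" $5
        # Direction-independent key: order the two endpoints lexically so that
        # A->B and B->A packets land in the same conversation bucket.
        key = (a < b) ? a " <-> " b : b " <-> " a
        if (!(key in start)) { start[key] = $1; order[++n] = key }
        end[key] = $1
        pkts[key]++
    }
    END {
        # Report conversations in order of first appearance.
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s start=%s end=%s duration=%.6f packets=%d\n",
                   k, start[k], end[k], end[k] - start[k], pkts[k]
        }
    }'
}

# Constructed sample input (not a real capture): two conversations interleaved,
# each with packets in both directions.
sample_input() {
    cat <<'EOF'
0.000000 10.0.0.1 40001 10.0.0.2 80
0.000500 10.0.0.2 80 10.0.0.1 40001
0.010000 10.0.0.3 40002 10.0.0.2 443
0.250000 10.0.0.1 40001 10.0.0.2 80
0.300000 10.0.0.2 443 10.0.0.3 40002
1.500000 10.0.0.2 80 10.0.0.1 40001
EOF
}

# Run the aggregator over the constructed sample.
run_sample() {
    sample_input | conv_times
}

run_sample
```

Because the key is built from the sorted endpoint pair, the reply direction of each conversation is folded into the same record, which is the same pairing `-z conv,tcp` performs; the difference is that the timestamps are carried along in the same pass.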
_______________________________________________
Ethereal-users mailing list
[EMAIL PROTECTED]
http://www.ethereal.com/mailman/listinfo/ethereal-users