Re: Concurrent TCP Connections

[ronnie sahlberg <ronniesahlberg () gmail com>]

man tethereal

feed the capture through tethereal and use the flags
-R "not frame" -z conv,tcp

the -R flag is to stop tethereal from printing any packet summaries to stdout,

-z flag is to make tethereal to print a table of all TCP sessions to
stdout after the entire capture file has been parsed.


feed this table through pipes through suitable  head,  sort,  sed magic
and convert it into whichever format you need.



On Wed, 25 Aug 2004 09:12:25 +0200, César Cárdenas  wrote:
> Dear all:
> I apologize because I was not clear about my question...
> I use the following instruction for capturing packet info in a file:
>
> windump ?n ?i 2 tcp >tcptest.txt
>
> I am using windows 2000
>
> I want to determine the number of concurrent TCP connections during the
> capturing interval...I look at the SYN, FIN, FIN/PUSH and '.' flags field.
> To my understand:
>
> 'S' + win (value) means the start of a TCP connection
> 'F' or 'FP' means the end of a TCP connection
>
> To determine the number of concurrent TCP connections I start with the first
> line...a counter start with zero, if flag is S+win I add one to a counter
> else I substract one to the counter...through the time this should compute
> the number of concurrent TCP connections...
>
> In a one-hour capturing file the cumulated number of concurrent TCP connections
> is negative (more than -1000)...is that normal?
>
> In addition, the number of concurrent TCP connections through the time decrease
> linearly to more than -1000...
>
> Does any one have a suggestion for computing the number of concurrent TCP
> connections...
>
> Many thanks for your help,
> César
>
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.