Wireshark · Ethereal-dev: Re: [Ethereal-dev] SCTP analysis (similar to tcp.analysis stuff)

[Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>]

Hi Jeff,

yes, I thought about it. First I think it should be done in a tap,  
because you can collect
there the necessary information easily.

But it is difficult to do a good analysis because you can not be sure  
to know about all
packets which were sent. If you capture not on all links, you have a  
problem. And
you can not capture on both endpoints. Doing it right would require  
to have two captures
and compare them.

However, it might be better than nothing just to use the information  
in the capture and
provide some hints... I think this could be done by using the data in  
the data structures for
the GUI stuff.

Best regards
Michael

On Jul 7, 2005, at 6:42 PM, Jeff Morriss wrote:

> Hi list,
>
> Has anyone ever thought about adding the kind of advanced sequence  
> number analysis that the TCP dissector has to SCTP (detecting  
> retransmissions, duplicate ACKs, etc.)?
>
> In TCP it's done inside the dissector (which allows cool things  
> like jumping do the frame with the duplicate ack) but is that how  
> it should be done now or would a tap be better?  (Or should be be  
> added to the existing--GUI based--SCTP statistics stuff?  Could  
> that be adapted to do this?)
>
> Regards,
> -Jeff
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev