Martin.Scheidig@xxxxxxxx wrote:
(See attached file: Ethereal-conversation.JPG.lnk)Hello Devellopers,
I am using Ethereal somtimes to generate a Traffic Matrix. The
Conversations Option helps very mutch to simplfy this job. In my opinion
there is one point witch could be improved.
At the tcp folder you can see the Address A with Port A und Address B witch
Port B. But you cannot see if Address A or Address B initiates the TCP
Session. To design Fire Wall Rules this Information is nesseceary. To
demonstrate this I send you a Screen Shot.
Unfortunately, you sent us a shortcut to a screen shot, not the JPEG
file of the screenshot itself.
At the screen shot you could see that the IP 10.3.10.26 initiates the
Session [SYN]. If you have a lock at the Conversations Folder you can see
the Address 10.10.14.17 at the Collum Address A and the IP 10.3.10.26 at
the Collum B. Thist indicates in my opinion that 10.10.14.17 initiates the
Session and not 10.3.10.17.
In my opinion it would be very usefull if for all TCP Sessions Address A is
used for the Source and Address B is used for Destinations.
Unfortunately, if the initial SYN isn't in the capture, we can't
determine which is the "source" in the sense of the host that initiates
the TCP connection. If the initial SYN *is* present in the capture, it
might be possible to have the conversation treat the address from which
the initial SYN came as address A.
