Wireshark · Ethereal-users: RE: [Ethereal-users] Multi Segment Analysis

["Francisco Alcoba (TS/EEM)" <francisco.alcoba@xxxxxxxxxxxx>]

Hi,

Does ethereal support Multi Segment analysis similar to NAIs infinistream product? Basically, taking several captures and merging them. This provides the capability to determine exactly where delay and jitter are occurring in the network are. This is true even for UDP traffic.

 

If I understand the functionality correctly, Ethereal offers a very basic flavor of the same, i.e. the ability to merge different captures into one -by a command in the File menu or by using the command line mergecap-. It does not provide an automated way to simultaneously start and stop captures in different points -which should be quite straightforward by scripting- and, more importantly, it does not provide a way to identify, in the resulting capture, the original probe the trace came from. This might change in the future, I think I've read there is a new version of the libpcap format that allows comments to be inserted together with packets, so there might be a way to identify sources there.

When merging, Ethereal will use timestamps to order the packets, it will make no attempt to order them based on network topology or packet comparisons, so you will need a very well synchronized probe network for it to be of any use -I don't know if the product you mention can do something else-.

 

Regards,

 

 Francisco