Ethereal-users: Re: [Ethereal-users] how to get total time of a connections?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: George Nychis <gnychis@xxxxxxx>
Date: Sun, 02 Apr 2006 12:22:28 -0400
Thank you very much!  I am going to try and run it in linux and will let
you know how it goes.  I greatly appreciate your help, I will let you
know if I make any changes to it.

- George


Sake Blok wrote:
> George,
> 
> Here is the script, I added a little copyright notice (taken and
> modified from yet another script lol). If you make some nice additions
> to the script, I would love to hear about it. Please take into account
> that this script was written under cygwin and that I included some extra
> fields in the ethereal columns, see the comment in the script about my
> column-settings :)
> 
> I hope it helps you out...
> 
> 
> Cheers,   Sake
> 
> ----- Original Message ----- From: "George P Nychis" <gnychis@xxxxxxx>
> To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
> Sent: Sunday, April 02, 2006 7:47 AM
> Subject: Re: [Ethereal-users] how to get total time of a connections?
> 
> 
>> I would be unbelievably grateful for your script... it would help me
>> very much :)
>>
>> - George
>>
>>
>>> On Sat, Apr 01, 2006 at 03:27:10PM -0500, George Nychis wrote:
>>>>
>>>> I do mean TCP Connections.
>>>>
>>>> I was hoping tethereal could do this because I've already written some
>>>> scripts to parse my log files that I could substitute new tethereal
>>>> commands and filters into.
>>>>
>>>> But if all else fails I can definitely try this out!
>>>
>>> George,
>>>
>>> I have written a (perl)script a while back that parses ethereal output
>>> and produces the following output about tcp-streams:
>>>
>>> $ flows.pl trace.cap
>>> 0,1.1.1.1:1190->2.2.2.2:443,0.000000,63.708205,8,9,844,1745,SsA+a-+-+a-A-ffAR
>>> 1,1.1.1.1:1190->2.2.2.2:81,0.035901,63.682639,7,6,517,474,SsA+a-A-AfAFa
>>> 2,1.1.1.1:1191->2.2.2.2:443,292.293840,2.64925600000004,19,21,4827,16450,SsA+a-+a+---A-A+-+-----AAA+-+a----AAA+Rr
>>> 3,1.1.1.1:1191->2.2.2.2:81,292.329186,2.61231500000002,20,20,3774,16199,SsA+a-A--A-AA+a-A+--A--A-A+-A+--A--AFafA
>>> 4,1.1.1.1:1192->2.2.2.2:443,294.566017,0.118852000000004,4,3,102,146,SsA+a-R
>>> 5,1.1.1.1:1192->2.2.2.2:81,294.600691,0.0852050000000304,4,3,0,0,SsAFafA
>>> 6,1.1.1.1:1193->2.2.2.2:443,294.727954,0.207250999999985,6,5,1032,1466,SsA+a-+-+-R
>>> 7,1.1.1.1:1193->2.2.2.2:81,294.763050,0.175164999999993,6,5,729,241,SsA+a-AFafA
>>> 8,1.1.1.1:1194->2.2.2.2:443,294.939192,47.239815,16,17,5507,7489,SsA+a-+a+-+-+-----AAA+-+-+-+-A-fA
>>> 9,1.1.1.1:1194->2.2.2.2:81,294.973244,47.165423,19,15,5191,7173,SsA+a-A+a-A+--A--A-A+-A+-A+-A+-AfA
>>> 10,1.1.1.1:1195->2.2.2.2:443,297.199711,44.982584,11,11,4045,899,SsA+a-+a+-+-+-+-+-A-fA
>>>
>>> tcp-session-number src-ip:port->dst-ip:port start-time (relative to trace)
>>> duration packets in packets out bytes in bytes out overview of syn, ack,
>>> data, fin etc...
>>>
>>> Does this come close to what you need?
>>>
>>>
>>> Cheers,   Sake
>>>
>>> _______________________________________________
>>> Ethereal-users mailing list
>>> Ethereal-users@xxxxxxxxxxxx
>>> http://www.ethereal.com/mailman/listinfo/ethereal-users
>>>
>>>
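
The per-connection summary described in the quoted message (start time, duration, packets and bytes per direction, flag overview) can be produced by grouping packets on their address/port 4-tuple. The Python below is an added example, not the flows.pl script from this thread; the packet tuples are constructed, and both the symbol coding (upper case = initiator, lower case = responder, `+`/`-` = data) and the initiator-first column order are inferred from the sample output.

```python
# Added example, not flows.pl. Symbol coding is inferred from the thread's
# sample output: upper = initiator, lower = responder, "+"/"-" = payload.
# Constructed sample: (time, src, sport, dst, dport, tcp_flags, payload_len)
PACKETS = [
    (0.000000, "1.1.1.1", 1192, "2.2.2.2", 443, "S", 0),
    (0.010000, "2.2.2.2", 443, "1.1.1.1", 1192, "SA", 0),
    (0.011000, "1.1.1.1", 1192, "2.2.2.2", 443, "A", 0),
    (0.020000, "1.1.1.1", 1192, "2.2.2.2", 443, "PA", 102),
    (0.030000, "2.2.2.2", 443, "1.1.1.1", 1192, "A", 0),
    (0.034000, "1.1.1.1", 1192, "2.2.2.2", 81, "S", 0),
    (0.040000, "2.2.2.2", 443, "1.1.1.1", 1192, "PA", 146),
    (0.044000, "2.2.2.2", 81, "1.1.1.1", 1192, "SA", 0),
    (0.045000, "1.1.1.1", 1192, "2.2.2.2", 81, "A", 0),
    (0.050000, "1.1.1.1", 1192, "2.2.2.2", 81, "FA", 0),
    (0.060000, "2.2.2.2", 81, "1.1.1.1", 1192, "A", 0),
    (0.070000, "2.2.2.2", 81, "1.1.1.1", 1192, "FA", 0),
    (0.118852, "1.1.1.1", 1192, "2.2.2.2", 443, "R", 0),
    (0.119000, "1.1.1.1", 1192, "2.2.2.2", 81, "A", 0),
]

def symbol(flags, length, side):
    """One character per packet; side 0 = initiator, 1 = responder."""
    for flag in "SRF":                      # control flags take priority
        if flag in flags:
            return flag if side == 0 else flag.lower()
    if length > 0:
        return "+" if side == 0 else "-"
    return "A" if side == 0 else "a"

def summarize_flows(packets):
    """Return one CSV line per TCP connection, in order of first packet."""
    flows = {}
    for ts, src, sport, dst, dport, flags, length in sorted(packets):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = rev if rev in flows else fwd  # first packet seen sets direction
        side = 0 if key == fwd else 1
        f = flows.setdefault(key, {"start": ts, "pkts": [0, 0],
                                   "bytes": [0, 0], "seq": ""})
        f["end"] = ts                       # last packet seen so far
        f["pkts"][side] += 1
        f["bytes"][side] += length
        f["seq"] += symbol(flags, length, side)
    return ["%d,%s:%d->%s:%d,%.6f,%.6f,%d,%d,%d,%d,%s" % (
                n, a, ap, b, bp, f["start"], f["end"] - f["start"],
                *f["pkts"], *f["bytes"], f["seq"])
            for n, ((a, ap, b, bp), f) in enumerate(flows.items())]

if __name__ == "__main__":
    print("\n".join(summarize_flows(PACKETS)))
```

A 4-tuple reused by a later connection is merged into the earlier flow here; a long capture would need to start a new flow on a fresh SYN after a FIN or RST.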