Wireshark-users: Re: [Wireshark-users] Filtering Network address
From: Guy Harris <[email protected]>
Date: Mon, 19 Feb 2007 19:08:46 -0800
On Feb 19, 2007, at 6:46 PM, Muhammad Ghazali wrote:

> Can you tell me the trick how to measure the response time of the web
> application and the smtp response by manually looking at the packet?

Web and SMTP? You said

	I want to measure the response time of a web application and the smtp
server from a branch office ...

Are you measuring two different things (the response time of a Web application to HTTP requests, and the response of an SMTP server to SMTP requests), or is this a Web application that causes e-mail to be sent, so that the user fills out a form and clicks a button, and a mail message is generated and sent as a result of clicking the button?

> How can I follow a trace of a conversation? (From the Syn request
> until the end of the transaction). Example of the conversation is a
> login process to a web application.

If you select a packet in a TCP connection, and then select "Follow
TCP Stream" from the "Analyze" menu, Wireshark will:

	1) filter out all the packets that aren't in that TCP connection, so
only the packets in the connection are displayed;
	2) put the text of the data in the connection (assuming it *is* text
- it might be binary, in which case this is less useful) into a new
display window.

> I like the graphical statistic, how can I convert wireshark format
> into Sniffer Pro 475 one? I once converted an ethereal to sniffer
> format and it worked. But I've just tried the conversion (by means of
> the save menu) from wireshark with no success.

"Wireshark" and "Ethereal" are the same program - we just changed the
name in the 0.99.2 release (see

for details). There's also no "Wireshark format" or "Ethereal format" - the native capture file format for Ethereal/Wireshark is libpcap format, which is the format supported by the libpcap library used by tcpdump and a number of other programs. (It's more-or-less the standard UN*X capture file format.)

You *should* be able to save a Wireshark capture in Sniffer format,
although you should note that there are two "Sniffer" formats - the
format used by the old Sniffers, which ran on top of MS-DOS, and the
format used by the newer Sniffer software, which runs on top of
Windows. The old Sniffer format is given as "NA Sniffer (DOS)", and
the new Sniffer format is given as "NA Sniffer (Windows) 1.1" or "NA
Sniffer (Windows) 2.00x" - unless you have an older version of the
Windows Sniffer software, you probably want the 2.00x version.

If you try to save in that format, what happens? Does Wireshark not
let you choose that format? If it doesn't, what type of capture do
you have (Ethernet, 802.11, some type of WAN, etc.)? If it does let
you choose that format, what happens if you save in that format? Can
a Sniffer read the file?
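
What "Follow TCP Stream" does to a capture, as an added example (not part of the original message, and not Wireshark's code): it reads a libpcap file, keeps only the packets in the selected packet's TCP connection, joins their data as text, and reads a request-to-reply time off the packet timestamps. The capture bytes, addresses, ports, timestamps and all function names are constructed for illustration.

```python
import struct

def _pkt(ts_us, src, dst, sport, dport, flags, payload=b""):
    """Build one constructed pcap record: Ethernet + IPv4 + TCP, checksums left 0."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst)) + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", *divmod(ts_us, 1_000_000), len(frame), len(frame)) + frame

C, W, M = (10, 0, 0, 5), (10, 0, 0, 80), (10, 0, 0, 25)  # constructed addresses
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _pkt(1_000_000, C, W, 40000, 80, 0x02),                       # SYN
    _pkt(1_020_000, W, C, 80, 40000, 0x12),                       # SYN/ACK
    _pkt(1_021_000, C, M, 40001, 25, 0x02),                       # unrelated SMTP SYN
    _pkt(1_040_000, C, W, 40000, 80, 0x18, b"GET /login HTTP/1.0\r\n\r\n"),
    _pkt(1_290_000, W, C, 80, 40000, 0x18, b"HTTP/1.0 200 OK\r\n\r\n"),
])

def read_pcap(data):
    """Yield (timestamp_us, connection_key, sender, payload) per Ethernet/IPv4/TCP frame."""
    magic, network = struct.unpack_from("<I16xI", data, 0)
    if magic != 0xA1B2C3D4 or network != 1:
        raise ValueError("expected little-endian libpcap with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to hold the headers
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + struct.unpack_from("!H", frame, 16)[0]]
        if len(tcp) < 20:
            continue
        src = (frame[26:30], tcp[0:2])          # (IP, port) as raw bytes
        dst = (frame[30:34], tcp[2:4])
        yield sec * 1_000_000 + usec, frozenset((src, dst)), src, tcp[(tcp[12] >> 4) * 4:]

def follow_stream(data, index):
    """Keep only packets in the same TCP connection as packet `index`; join their data.
    Simplification: capture order is used, no sequence-number reassembly."""
    pkts = list(read_pcap(data))
    stream = [(ts, src, pl) for ts, key, src, pl in pkts if key == pkts[index][1]]
    return stream, b"".join(pl for _, _, pl in stream).decode("latin-1")

def response_time_us(stream):
    """Microseconds from the first data-bearing packet to the first reply from the peer."""
    data = [(ts, src) for ts, src, pl in stream if pl]
    return next(ts for ts, src in data if src != data[0][1]) - data[0][0]
```

`follow_stream(SAMPLE, 0)` selects the connection of the first packet (the SYN to port 80), and `response_time_us` on that stream gives the gap between the request and the server's first data packet.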