Packet Capture, part 3: Analysis Tools - Page 4
The program tcpslice is a simple but useful tool for extracting pieces of tcpdump files or merging them, which makes it handy for managing large capture files. You specify a starting time and optionally an ending time, and it extracts the corresponding records from the source file. If multiple files are specified, it extracts packets from the first file and then, from each following file, continues extracting only those packets whose timestamps are later than what has already been written. This prevents duplicate packets when you have overlapping trace files.
While there are a few options, the basic syntax is quite simple. For example, consider the command:
bsd1# tcpslice 934224220.0000 in-file > out-file
This will extract all packets with timestamps after 934224220.0000. Note the use of an unformatted (raw seconds) timestamp; this is the same format tcpdump displays with its -tt option. Note also the use of redirection: because it works with binary files, tcpslice will not allow you to send output to your terminal. See the manpage for additional options.
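The slice-and-merge rule described above, implemented in Python as an added illustration (this is not code from the book or from tcpslice itself). The pcap contents are constructed inline, and the end-time handling (start inclusive, end exclusive) is an assumption.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic, microsecond timestamps

def build_pcap(packets):
    """Constructed sample data: a little-endian pcap from (timestamp, payload) pairs."""
    data = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for ts, payload in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        data += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return data

def read_records(data):
    """Yield (timestamp, raw record bytes) for each record after the 24-byte global header."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    pos = 24
    while pos + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack(endian + "IIII", data[pos:pos + 16])
        end = pos + 16 + incl_len
        yield sec + usec / 1_000_000, data[pos:end]
        pos = end

def tcpslice(start, end, *files):
    """Keep records with start <= ts < end (end=None means end of file).
    From the second file on, keep only records timestamped later than the
    last record already written, so overlapping traces yield no duplicates."""
    out = files[0][:24]          # reuse the first file's global header
    cutoff = None                # timestamp of the last record written so far
    for data in files:
        last = cutoff
        for ts, rec in read_records(data):
            if ts < start or (end is not None and ts >= end):
                continue
            if cutoff is not None and ts <= cutoff:
                continue         # already covered by an earlier file
            out += rec
            last = ts
        cutoff = last
    return out

def timestamps(data):
    return [ts for ts, _ in read_records(data)]

# Constructed overlapping traces: B begins before A ends.
TRACE_A = build_pcap([(100.0, b"a0"), (100.25, b"a1"), (100.5, b"a2"), (101.0, b"a3")])
TRACE_B = build_pcap([(100.5, b"b0"), (101.0, b"b1"), (101.5, b"b2"), (102.0, b"b3")])

if __name__ == "__main__":
    print(timestamps(tcpslice(100.25, None, TRACE_A, TRACE_B)))  # [100.25, 100.5, 101.0, 101.5, 102.0]
```

The records at 100.5 and 101.0 in TRACE_B are dropped because TRACE_A already supplied them, which is the duplicate suppression the text describes.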
While for most purposes tcptrace is used as a command-line tool, tcptrace is capable of producing several types of output files for plotting with the X Window program xplot. These include time sequence graphs, throughput graphs, and graphs of round-trip times. Time sequence graphs (-S option) are plots of sequence numbers over time that give a picture of the activity on the network. Throughput graphs (-T option), as the name implies, plot throughput in bytes per second against time. While throughput gives a picture of the volume of traffic on the network, round-trip times give a better picture of the delays seen by individual connections. Round-trip time plots (-R option) display individual round-trip times over time. For other graphs and graphing options, consult the documentation.