Packet Capture, part 3: Analysis Tools - Page 5

By O'Reilly Press | Posted Nov 20, 2001

For normal text-based operation, the number of options and possibilities is overwhelming. One of the most useful is the -l option. This produces a long listing of summary statistics on a connection-by-connection basis. What follows is an example of the information provided for a single brief Telnet connection:

 TCP connection 2:
         host c:        sloan.lander.edu:1230
         host d:        205.153.63.238:23
         complete conn: yes
         first packet:  Wed Aug 11 11:23:25.151274 1999
         last packet:   Wed Aug 11 11:23:53.638124 1999
         elapsed time:  0:00:28.486850
         total packets: 160
         filename:      telnet.trace
    c->d:                              d->c:
      total packets:            96           total packets:            64
      ack pkts sent:            95           ack pkts sent:            64
      pure acks sent:           39           pure acks sent:           10
      unique bytes sent:       119           unique bytes sent:      1197
      actual data pkts:         55           actual data pkts:         52
      actual data bytes:       119           actual data bytes:      1197
      rexmt data pkts:           0           rexmt data pkts:           0
      rexmt data bytes:          0           rexmt data bytes:          0
      outoforder pkts:           0           outoforder pkts:           0
      pushed data pkts:         55           pushed data pkts:         52
      SYN/FIN pkts sent:       1/1           SYN/FIN pkts sent:       1/1
      mss requested:          1460 bytes     mss requested:          1460 bytes
      max segm size:            15 bytes     max segm size:           959 bytes
      min segm size:             1 bytes     min segm size:             1 bytes
      avg segm size:             2 bytes     avg segm size:            23 bytes
      max win adv:            8760 bytes     max win adv:           17520 bytes
      min win adv:            7563 bytes     min win adv:           17505 bytes
      zero win adv:              0 times     zero win adv:              0 times
      avg win adv:            7953 bytes     avg win adv:           17519 bytes
      initial window:           15 bytes     initial window:            3 bytes
      initial window:            1 pkts      initial window:            1 pkts
      ttl stream length:       119 bytes     ttl stream length:      1197 bytes
      missed data:               0 bytes     missed data:               0 bytes
      truncated data:            1 bytes     truncated data:         1013 bytes
      truncated packets:         1 pkts      truncated packets:         7 pkts
      data xmit time:       28.479 secs      data xmit time:       27.446 secs
      idletime max:         6508.6 ms        idletime max:         6709.0 ms
      throughput:                4 Bps       throughput:               42 Bps

This was produced by using tcpdump to capture all traffic into the file telnet.trace and then executing tcptrace to process the data. Here is the syntax required to produce this output:

bsd1# tcptrace -l telnet.trace

Similar output is produced for each TCP connection recorded in the trace file. Obviously, a protocol (like HTTP) that uses many different sessions may overwhelm you with output.
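Because the listing is plain text, its figures can be pulled out and checked mechanically rather than read by eye for every connection. The script below is an added example, not code from tcptrace or from the book: it parses an excerpt of the `tcptrace -l` listing shown above (embedded verbatim), recomputes the reported throughput as unique bytes over the connection's elapsed time (a formula inferred from the figures above, not taken from tcptrace's documentation), and reports the conditions worth knowing before trusting the trace: truncated packets (the capture's snaplen cut off payload, so the bytes are not in the file), retransmitted or out-of-order segments, zero-window advertisements, and an incomplete connection. The names parse_connection, throughput_bps and findings are this example's own.

```python
"""Parse one per-connection summary from `tcptrace -l` and sanity-check it.
Added example, not tcptrace's code; SAMPLE is an excerpt of the listing above."""
import re

SAMPLE = """\
 TCP connection 2:
         host c:        sloan.lander.edu:1230
         host d:        205.153.63.238:23
         complete conn: yes
         elapsed time:  0:00:28.486850
         total packets: 160
    c->d:                              d->c:
      total packets:            96           total packets:            64
      unique bytes sent:       119           unique bytes sent:      1197
      rexmt data pkts:           0           rexmt data pkts:           0
      outoforder pkts:           0           outoforder pkts:           0
      SYN/FIN pkts sent:       1/1           SYN/FIN pkts sent:       1/1
      zero win adv:              0 times     zero win adv:              0 times
      initial window:           15 bytes     initial window:            3 bytes
      initial window:            1 pkts      initial window:            1 pkts
      truncated data:            1 bytes     truncated data:         1013 bytes
      truncated packets:         1 pkts      truncated packets:         7 pkts
      idletime max:         6508.6 ms        idletime max:         6709.0 ms
      throughput:                4 Bps       throughput:               42 Bps
"""

UNITS = r"bytes|pkts|times|secs|ms|Bps"
# One "key: value [unit]" cell; a two-column line carries two of them.
CELL = re.compile(rf"([A-Za-z/ ]+?):\s+(\S+)(?:\s({UNITS})\b)?")
HEADER = re.compile(r"^\s*([a-z ]+?):\s+(.+?)\s*$")
CONN = re.compile(r"^\s*TCP connection (\d+):")

def _num(text):
    """'96' -> 96, '6508.6' -> 6508.6; '1/1', 'yes' and hostnames stay strings."""
    for cast in (int, float):
        try:
            return cast(text)
        except ValueError:
            pass
    return text

def elapsed_seconds(hms):
    """tcptrace's h:mm:ss.ffffff elapsed time -> seconds."""
    h, m, s = hms.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def parse_connection(text):
    """Return {'header': {...}, 'c->d': {...}, 'd->c': {...}} for one listing.
    Keys that repeat with different units ('initial window') get the unit
    appended: 'initial window (bytes)' and 'initial window (pkts)'."""
    header, sides = {}, {"c->d": {}, "d->c": {}}
    in_table = False
    for line in text.splitlines():
        if "c->d:" in line:
            in_table = True                  # two-column section starts here
            continue
        if not in_table:
            m = CONN.match(line)
            if m:
                header["connection"] = int(m.group(1))
            elif (m := HEADER.match(line)):
                header[m.group(1).strip()] = _num(m.group(2))
            continue
        # Left cell describes c->d, right cell d->c; a malformed line just
        # contributes fewer (or no) values rather than failing the parse.
        for (name, value, unit), side in zip(CELL.findall(line), ("c->d", "d->c")):
            key = name.strip() + (f" ({unit})" if unit else "")
            sides[side][key] = _num(value)
    return {"header": header, **sides}

def throughput_bps(conn, side):
    """Unique bytes over elapsed time. Reproduces the 4 and 42 Bps figures in the
    listing (formula inferred from those figures, not from tcptrace's docs)."""
    return conn[side]["unique bytes sent"] / elapsed_seconds(conn["header"]["elapsed time"])

def findings(conn):
    """Conditions to notice before relying on the trace or its counters."""
    notes = []
    for side in ("c->d", "d->c"):
        d = conn[side]
        if d.get("truncated packets (pkts)", 0):
            notes.append(f"{side}: {d['truncated packets (pkts)']} packets truncated, "
                         f"{d.get('truncated data (bytes)', 0)} payload bytes are not in "
                         "the capture (snaplen too small for payload inspection)")
        if d.get("rexmt data pkts", 0) or d.get("outoforder pkts", 0):
            notes.append(f"{side}: retransmitted or out-of-order segments present")
        if d.get("zero win adv (times)", 0):
            notes.append(f"{side}: receiver advertised a zero window")
    if conn["header"].get("complete conn") != "yes":
        notes.append("SYN or FIN not captured; counters describe a partial connection")
    return notes

if __name__ == "__main__":
    conn = parse_connection(SAMPLE)
    for side in ("c->d", "d->c"):
        print(f"{side}: {throughput_bps(conn, side):.1f} Bps recomputed, "
              f"{conn[side]['throughput (Bps)']} Bps reported")
    for note in findings(conn):
        print("!", note)
```

Run against the embedded excerpt, the recomputed throughput agrees with the reported 4 and 42 Bps, and the only findings are the truncated packets on both sides: seven server-to-client packets lost 1013 payload bytes to the snaplen, so this particular trace would not support inspecting what the Telnet server sent. A real `tcptrace -l` run prints one such listing per connection; split its output on the "TCP connection N:" lines and feed each piece to parse_connection.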

There is a lot more to this program than is covered in this brief discussion. If your primary goal is analysis of network performance and related problems rather than individual packet analysis, this is a very useful tool.
