analyzing tcpdump output


 
Old 06-06-2008

Hello, I have a lot of pcap files (tcpdump output) that I want to compare.
Every tcpdump output has two files, server and client.

server:
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.297086 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1046 167360
22:22:50.297100 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15129 167040
22:22:50.297116 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15130 167200
22:22:50.304720 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1042 208800
22:22:50.304742 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1043 208960
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720

client:
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
22:22:50.508760 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1048 167680
22:22:50.523450 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10496 167040
22:22:50.528808 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1049 167840
22:22:50.528826 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1050 168000
22:22:50.543451 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10497 167200

What I want to do is:
1. Take the timestamp, source address, destination address, and packet id from each file (server and client).
2. Find the packets sent from the server that the client received (that appear in the client's tcpdump output). Packets from the server that were not received by the client will be removed.
3. Calculate the delay (client timestamp - server timestamp).

Thanks in advance.
PS: pardon my English


---edited---
The final output I'm thinking of is something like:
server time stamp, client time stamp, delay, ip address, packet id

Last edited by slumpia; 06-06-2008 at 02:48 PM..
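
One way to carry out the three steps listed in the post, as an added example that is not part of the original thread: an awk script in a shell function that joins the two text dumps and prints the requested columns. It assumes the second-to-last field is the packet id (RTP sequence number) and the last field is the RTP timestamp, and it matches on destination rather than source because the source address differs between the two captures in the posted sample; `rtp_delay` and `demo` are names chosen here.

```shell
#!/bin/sh
# rtp_delay SERVER_TXT CLIENT_TXT
# Prints: server_ts,client_ts,delay_seconds,destination,packet_id
# for every RTP packet in SERVER_TXT that also shows up in CLIENT_TXT.
rtp_delay() {
    awk '
    function secs(ts,    p) {               # HH:MM:SS.ffffff -> seconds since midnight
        split(ts, p, ":")
        return p[1] * 3600 + p[2] * 60 + p[3]
    }
    $2 != "IP" || $6 != "udp/rtp" { next }  # ignore non-RTP lines
    {
        dst = $5; sub(/:$/, "", dst)        # drop the trailing colon
        # Assumed key: destination + packet id ($9) + RTP timestamp ($10).
        # A 16-bit id wraps in long captures, so the timestamp disambiguates it.
        key = dst SUBSEP $9 SUBSEP $10
    }
    FILENAME == ARGV[1] {                   # first file: server capture
        if (!(key in sent)) sent[key] = $1
        next
    }
    key in sent {                           # second file: client capture
        d = secs($1) - secs(sent[key])
        if (d < 0) d += 86400               # capture ran past midnight
        printf "%s,%s,%.6f,%s,%s\n", sent[key], $1, d, dst, $9
        delete sent[key]                    # count a duplicated packet only once
    }
    ' "$1" "$2"
}

# Sample lines copied from the post; 10492 and 1047 have no counterpart here.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/server.txt" <<'EOF'
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
EOF
    cat > "$dir/client.txt" <<'EOF'
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
EOF
    rtp_delay "$dir/server.txt" "$dir/client.txt"
    rm -rf "$dir"
}
demo
```

The delay is only meaningful if the two capture hosts have synchronized clocks; any clock offset between them is added to every value.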