The UNIX and Linux Forums  
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.

Go Back   The UNIX and Linux Forums > Top Forums > Shell Programming and Scripting
analyzing tcpdump output analyzing tcpdump output
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read


Shell Programming and Scripting Post questions about KSH, CSH, SH, BASH, PERL, PHP, SED, AWK and OTHER shell scripts and shell scripting languages here.

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Analyzing Communal Tag Relationships for Enhanced Navigation and User Modeling iBot UNIX and Linux RSS News 0 03-23-2008 04:50 AM
tcpdump on AIX nymus7 AIX 4 01-16-2008 08:51 PM
tcpdump ant04 UNIX for Dummies Questions & Answers 2 09-07-2004 06:36 PM
How To Use tcpdump chenhao_no1 High Level Programming 2 04-01-2003 08:15 AM
Analyzing System Core Files? TRUEST UNIX for Advanced & Expert Users 2 01-30-2003 12:10 PM

Closed Thread
English Japanese Spanish French German Portuguese Italian Dutch Swedish Russian Norwegian Hungarian Hebrew Danish Bulgarian Greek Powered by Powered by Google
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
  #1 (permalink)  
Old 06-06-2008
slumpia slumpia is offline
Registered User
  
 

Join Date: Jun 2008
Location: Indonesia
Posts: 1
analyzing tcpdump output
hello, i have a lot of pcap files (tcpdump output) that i want to compare.
every tcpdump output has two file, server and client.
Quote:
Originally Posted by server
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.297086 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1046 167360
22:22:50.297100 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15129 167040
22:22:50.297116 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15130 167200
22:22:50.304720 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1042 208800
22:22:50.304742 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1043 208960
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
Quote:
Originally Posted by client
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
22:22:50.508760 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1048 167680
22:22:50.523450 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10496 167040
22:22:50.528808 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1049 167840
22:22:50.528826 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1050 168000
22:22:50.543451 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10497 167200
what i want to do is:
1. take timestamp, source address, destination address, and packet id from each file (server and client)
2. find the packets sent from server, that client received (appear on client's tcpdump output). packet from server that not received by client will be remove
3. calculate the delay (client timestamp - server timestamp)

thanks in advance
ps: pardon my English


---edted---
the final output i'm thinking is something like:
server time stamp, client time stamp, delay, ip address, packet id
Last edited by slumpia; 06-06-2008 at 01:48 PM..
Closed Thread

Bookmarks

« Script to Extract time from log files and write to a excel | extracting a number from a string »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Hybrid Mode Hybrid Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -4. The time now is 06:10 AM.

The UNIX and Linux Forums - Learn UNIX and UNIX Commands RSS Feeds - Contact Us - The UNIX and Linux Forums - Learn UNIX and UNIX Commands - Archive - Top

Powered by: vBulletin, Copyright ©2000 - 2006, Jelsoft Enterprises Limited. Language Translations Powered by .
vBCredits v1.4 Copyright ©2007 - 2008, PixelFX Studios
The UNIX and Linux Forums Content Copyright ©1993-2009. All Rights Reserved.Ad Management by RedTyger

Content Relevant URLs by vBSEO 3.2.0