Top Forums Shell Programming and Scripting analyzing tcpdump output Post 302203101 by slumpia on Friday 6th of June 2008 01:41:35 PM
analyzing tcpdump output

Hello, I have a lot of pcap files (tcpdump output) that I want to compare.
Every tcpdump output has two files, server and client.
Quote:
Originally Posted by server
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.297086 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1046 167360
22:22:50.297100 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15129 167040
22:22:50.297116 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15130 167200
22:22:50.304720 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1042 208800
22:22:50.304742 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1043 208960
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
Quote:
Originally Posted by client
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
22:22:50.508760 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1048 167680
22:22:50.523450 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10496 167040
22:22:50.528808 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1049 167840
22:22:50.528826 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1050 168000
22:22:50.543451 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10497 167200
What I want to do is:
1. take the timestamp, source address, destination address, and packet id from each file (server and client)
2. find the packets sent from the server that the client received (appear in the client's tcpdump output). Packets from the server that were not received by the client will be removed
3. calculate the delay (client timestamp - server timestamp)

Thanks in advance.
PS: pardon my English.


---edited---
The final output I'm thinking of is something like:
server time stamp, client time stamp, delay, ip address, packet id

Last edited by slumpia; 06-06-2008 at 02:48 PM..
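One way to do the three steps above with awk, as an added example that is not from the post or its replies. It assumes that what the post calls the packet id is the second-to-last field of each line (the RTP sequence number), that both captures are from the same day, and, because in the quoted traces the same packets (ids 10493 and 10494) show source 192.168.1.4 on the server side but 10.14.15.29 on the client side (presumably NAT), it joins on destination address.port plus packet id rather than on the source address.

```shell
#!/bin/sh
# Join a server-side and a client-side tcpdump trace and print, per packet seen
# in both: server timestamp, client timestamp, delay in seconds, destination
# address.port, packet id. Packets missing from the client trace produce no
# line, which is the "removal" asked for in step 2.
# Field layout of one tcpdump line (whitespace separated):
#   $1 timestamp  $3 src addr.port  $5 dst addr.port (trailing ':')  $(NF-1) packet id
compare_traces() {
    awk '
    # HH:MM:SS.ffffff -> seconds since midnight (assumes both traces are from the same day)
    function secs(t,  p) { split(t, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    FNR == NR {                       # first file: server trace
        dst = $5; sub(/:$/, "", dst)
        sent[dst, $(NF-1)] = $1       # when the server side saw this packet leave
        next
    }
    {                                 # second file: client trace
        dst = $5; sub(/:$/, "", dst)
        if ((dst, $(NF-1)) in sent) {
            s = sent[dst, $(NF-1)]
            printf "%s %s %.6f %s %s\n", s, $1, secs($1) - secs(s), dst, $(NF-1)
        }
    }' "$1" "$2"
}

# Constructed demo: a few of the lines quoted in the post, written to temporary files.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/server.txt" <<'EOF'
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
EOF
    cat > "$tmp/client.txt" <<'EOF'
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
EOF
    # 10492 was never seen by the client (dropped) and 10495 is not in the server trace,
    # so only 10493 and 10494 are printed.
    compare_traces "$tmp/server.txt" "$tmp/client.txt"
    rm -rf "$tmp"
}
demo
```

Run it as `compare_traces server.txt client.txt` on real captures; with `tcpdump -tt` (epoch timestamps) the `secs` helper can be dropped and `$1` subtracted directly.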
udp(n)                            Tnm Tcl Extension                            udp(n)

NAME
       udp - Send and receive UDP datagrams.

DESCRIPTION
       The udp command allows sending and receiving datagrams using the User
       Datagram Protocol (UDP) (RFC 768).

UDP COMMAND
       udp open [port]
              The udp open command opens a UDP datagram socket and returns a
              udp handle. The socket is bound to the given port number or
              name. An unused port number is used if the port argument is
              missing.

       udp connect host port
              The udp connect command opens a UDP datagram socket and connects
              it to a port on a remote host. A connected UDP socket only allows
              sending messages to a single destination. This usually shortens
              the code since there is no need to specify the destination
              address for each udp send command on a connected UDP socket. The
              command returns a udp handle.

       udp send handle [host port] message
              The udp send command sends a datagram containing message to the
              destination specified by host and port. The host and port
              arguments may not be used if the UDP handle is already connected
              to a transport endpoint. If the UDP handle is not connected, you
              must use these optional arguments to specify the destination of
              the datagram.

       udp receive handle
              The udp receive command receives a datagram from the UDP socket
              associated with handle. This command blocks until a datagram is
              ready to be received. In most cases it is a good idea to check
              for pending datagrams using the udp bind command.

       udp close handle
              The udp close command closes the UDP socket associated with
              handle.

       udp bind handle readable [script]
       udp bind handle writable [script]
              The udp bind command binds scripts to a UDP handle. A script is
              evaluated once the UDP handle becomes either readable or
              writable, depending on the third argument of the udp bind
              command. The script currently bound to a UDP handle can be
              retrieved by calling the udp bind command without a script
              argument. Bindings are removed by binding an empty string.

       udp info [handle]
              The udp info command without the handle argument returns a list
              of all existing UDP handles. Information about the state of a UDP
              handle can be obtained by supplying a valid UDP handle. The
              result is a list containing the source IP address, the source
              port, the destination IP address and the destination port.

SEE ALSO
       scotty(1), Tnm(n), Tcl(n)

AUTHORS
       Juergen Schoenwaelder <schoenw@cs.utwente.nl>