tags:

views:

149

answers:

2
Q: 

Tool for network traffic analysis of a custom protocol

The protocol is very simple and is developed on top of TCP. I need to analyze a big libpcap dump file to calculate the average value and standard deviation of the conversation time and of the number of packets per conversation.

Using Wireshark it's simple to analyze the TCP conversations between the endpoints, but the summary includes all of the TCP packets (lots of SYNs, ACKs and FINs), and this messes up the data.

Is there another tool to do this kind of analysis? Is there a way to EASILY extend Wireshark's functionality?

A: 

Not sure I understand exactly what you need, but if you're looking to analyze only the packets with application data in them you can ask Wireshark to display only those packets with the PSH ("push to application") flag set.

Adam Liss  2009-11-08 01:27:19
Setting the display filter to data.net > 0 doesn't solve the problem. I need to analyze the conversations, but there are multiple conversations happening simultaneously, as multiple clients talk to the server.
boobsbr  2009-11-08 03:05:56
What exactly do you need to measure? Are you trying to separate the individual conversations?
Adam Liss  2009-11-08 04:28:23
A: 

What exactly this protocol contains? Is there any specific header for its own usage? Wireshark provides many complex filtering options that you can explore.

If you want to do it using program, you can try PCAP or PF_SOCK. You may need to write your own filtering criteria then.

Jack  2009-11-26 03:37:12

related questions

Is it possible for me to do the performance testing in localhost with actual network environment?
Best programming language for Image and motion processing
logging incoming traffic from google Sponsored Links clicks
API for historical traffic data?
Traffic monitoring and shaping (C\C++)
Delphi - loging all HTTP request
How to redirect all web traffic to a specific page?
Can I monitor traffic on my Incoming Dialup connection using Wireshark?
How to Monitor Genuine Page Hits
LogParser failing in WebApp
What HTTP traffic monitor would you recommend for Windows?
Bash command (netstat etc) to show overview of packet transfer?
Alexa API?
Identifying characteristics of certain categories network traffic (originating from load balancer or port based NAT)
Website Stats/Traffic (backlinks, visitors)
can we write a program to measure how much traffic any website has like Alexa does?
API for retrieving driving directions and traffic data?
Where is Prolog used for traffic control systems?
how can i generate a ftp traffic report with awstats?
Does anyone know a good guide/book to interpreting results from Google Analytics?
How do I find how much SVN traffic I'm using?
Throttle traffic in Apache based on User-Agent
Difference between SSL and Kerberos authentication?
What is the most stable, least intrusive way to track web traffic between two sites?