Very pretty graphs
but there seems to be some semi-serious issues with it.
First it seems it only looks at the TCP layer and thus should only be able
to produce the graphs reliably
iff the client is singlethreaded (only does one command at a time) compared
to ehtereal's measurements that
are based on data in the actual smb/oncrpc/dcerpc/... layers.
But the graphs sure looks very much better than the ethereal ones.
It would be very useful if someone hacked up some scripts to take the output
from tethereal -z io,stat,0.010,MIN/MAX/AVG(smb.time)smb.time...
did some grep and sed magic on it and fed it into gnuplot to generate nice
PNGs
with smoothed graphs.
This would be a very useful thing.
----- Original Message -----
From: "Visser, Martin (Sydney)"
Sent: Monday, April 28, 2003 11:31 AM
Subject: RE: [Ethereal-dev] Updates to io-stat calculations
While not a "sniffer" per-se , Packeteer PacketShaper does quite a nice
job of plotting response times etc using histogram buckets. PacketShaper
inspects and records stats for all traffic that match "classes", and in
this case those that you nominate to record response time. It also does
some interesting calculations to work out network time-of-flight and
server response (by comparing SYN-ACK response with normal payload
response time)
Graphically results are output as attached (for telnet traffic on a link
to a particular site
There is some info on the function at
http://support.packeteer.com/documentation/packetguide/current/nav/tasks
/rtm/monitor-rtm.htm a
And the tech details on RTM calcs at
http://support.packeteer.com/documentation/packetguide/current/info/rtm-
technical-details.htm
Martin Visser
Network Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone *: +61-2-9022-1670 Mobile *: +61-411-254-513
Fax 7: +61-2-9022-1800 E-mail * : martin.visserAThp.com
-----Original Message-----
From: Ronnie Sahlberg [mailto:ronnie_sahlberg@xxxxxxxxxxxxxx]
Sent: Thursday, 24 April 2003 10:47 PM
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] Updates to io-stat calculations
I just checked in some updates to tethereal io-stat calculations.
Tethereal can now, in addition ot frames/bytes counts, also calculate
COUNT,SUM,MIN,MAX,AVG for several types of fields.
Please see manual page for tethereal.
Example:
tethereal ... -z
"io,stat,0.100,ip.addr==1.1.1.1&&smb.time,MIN(smb.time)ip.addr==1.1.1.1&
&smb
.time,MAX(smb.time)ip.addr==1.1.1.1&&smb.time,AVG(smb.time)ip.addr==1.1.
1.1&
&smb.time"
This will calculate statistics in 100ms intervals for all smb responses
to/from the host at 1.1.1.1. (only response packets have the smb.time
field)
The output will be presented in 4 columns:
Column1: number of frames/bytes for all such response packets.
Column2: MINimum response time seen in the interval
Column3: MAXimum response time seen in the interval.
Column4: AVeraGe response time seen in the interval.
The output should be simple to convert with some sed magic into
something excel or any other application capable of producing graphs can
import.
Note that the example above is simplified and may not be useful in real
world since some SMB commands will normally have very long response
times (i.e. NOTIFY which normally can take minutes/hours to complete)
which will poison the data. It may be nessecary to enhance the filter to
remove the influence from those calls.
Other interesting protocols to plot the response time for like this is
probably nfs (rpc.time) and dcerpc.time.
Any other sniffer capable of plotting min/max/average response time from
a specific client over time?
have fun.
ronnie sahlberg
_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev