Wireshark · Ethereal-dev: RE: [Ethereal-dev] Updates to io-stat calculations

Ethereal-dev: RE: [Ethereal-dev] Updates to io-stat calculations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Visser, Martin (Sydney)" <Martin.Visser@xxxxxx>

Date: Tue, 29 Apr 2003 16:05:59 +1000

That sounds like a challenge that I have been planning on taking for a
while. I'll see what I can do in my "spare time" (is there such a thing
:-)  )

 

Martin Visser
Network Consultant 
Technology & Infrastructure - Consulting & Integration
HP Services

3 Richardson Place 
North Ryde, Sydney NSW 2113, Australia 
Phone *: +61-2-9022-1670    Mobile *: +61-411-254-513
   Fax 7: +61-2-9022-1800     E-mail * : martin.visserAThp.com



-----Original Message-----
From: Ronnie Sahlberg [mailto:ronnie_sahlberg@xxxxxxxxxxxxxx] 
Sent: Monday, 28 April 2003 6:57 PM
To: Visser, Martin (Sydney); ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] Updates to io-stat calculations


Very pretty graphs
but there seems to be some semi-serious issues with it.

First it seems it only looks at the TCP layer and thus should only be
able to produce the graphs reliably iff the client is singlethreaded
(only does one command at a time) compared to ehtereal's measurements
that are based on data in the actual smb/oncrpc/dcerpc/... layers.


But the graphs sure looks very much better than the ethereal ones.

It would be very useful if someone hacked up some scripts to take the
output from tethereal -z io,stat,0.010,MIN/MAX/AVG(smb.time)smb.time...
did some grep and sed magic on it and fed it into gnuplot to generate
nice PNGs with smoothed graphs.

This would be a very useful thing.


----- Original Message -----
From: "Visser, Martin (Sydney)"
Sent: Monday, April 28, 2003 11:31 AM
Subject: RE: [Ethereal-dev] Updates to io-stat calculations


While not a "sniffer" per-se , Packeteer PacketShaper does quite a nice
job of plotting response times etc using histogram buckets. PacketShaper
inspects and records stats for all traffic that match "classes", and in
this case those that you nominate to record response time. It also does
some interesting calculations to work out network time-of-flight and
server response (by comparing SYN-ACK response with normal payload
response time)

Graphically results are output as attached (for telnet traffic on a link
to a particular site

There is some info on the function at
http://support.packeteer.com/documentation/packetguide/current/nav/tasks
/rtm/monitor-rtm.htm a

And the tech details on RTM calcs at
http://support.packeteer.com/documentation/packetguide/current/info/rtm-
technical-details.htm


Martin Visser
Network Consultant
Technology & Infrastructure - Consulting & Integration
HP Services

3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone *: +61-2-9022-1670    Mobile *: +61-411-254-513
   Fax 7: +61-2-9022-1800     E-mail * : martin.visserAThp.com



-----Original Message-----
From: Ronnie Sahlberg [mailto:ronnie_sahlberg@xxxxxxxxxxxxxx]
Sent: Thursday, 24 April 2003 10:47 PM
To: ethereal-dev@xxxxxxxxxxxx
Subject: [Ethereal-dev] Updates to io-stat calculations


I just checked in some updates to tethereal io-stat calculations.
Tethereal can now, in addition ot frames/bytes counts, also calculate
COUNT,SUM,MIN,MAX,AVG for several types of fields.

Please see manual page for tethereal.


Example:
tethereal ... -z
"io,stat,0.100,ip.addr==1.1.1.1&&smb.time,MIN(smb.time)ip.addr==1.1.1.1&
&smb
.time,MAX(smb.time)ip.addr==1.1.1.1&&smb.time,AVG(smb.time)ip.addr==1.1.
1.1&
&smb.time"

This will calculate statistics in 100ms intervals for all smb responses
to/from the host at 1.1.1.1. (only response packets have the smb.time
field)

The output will be presented in 4 columns:
Column1:   number of frames/bytes for all such response packets.
Column2:  MINimum response time seen in the interval
Column3:  MAXimum response time seen in the interval.
Column4:  AVeraGe response time seen in the interval.


The output should be simple to convert with some sed magic into
something excel or any other application capable of producing graphs can
import.


Note that the example above is simplified and may not be useful in real
world since some SMB commands will normally have very long response
times (i.e. NOTIFY which normally can take minutes/hours to complete)
which will poison the data. It may be nessecary to enhance the filter to
remove the influence from those calls.


Other interesting protocols to plot the response time for like this is
probably nfs (rpc.time) and dcerpc.time.


Any other sniffer capable of plotting min/max/average response time from
a specific client over time?

have fun.
   ronnie sahlberg


_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev


_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev

Prev by Date: Re: [Ethereal-dev] patch to docs and to mgcp-stat
Next by Date: Re: [Ethereal-dev] patch to docs and to mgcp-stat
Previous by thread: Re: [Ethereal-dev] Updates to io-stat calculations
Next by thread: [Ethereal-dev] [patch] Current CVS doesn't compile outside the source tree.
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$