Ethereal-dev: [Ethereal-dev] using MATE to detect SCTP retransmissions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 11 Nov 2005 11:14:30 -0500
I've got a huge capture file with lots of SCTP retransmissions.  I'd 
like to have an easy way to find them and (since we don't have SCTP 
analysis similar to the TCP analysis yet) I started playing around with 
MATE.

From reading the docs I thought I could create a Gop of SCTP PDUs whose 
only matching criteria was the Vtag and TSN, something like:

Pdu sctp_pdu Proto sctp Transport ip {
        //Extract addr From ip.addr;
        //Extract port From sctp.port;
        Extract vtag From sctp.verification_tag;
        Extract tsn From sctp.data_tsn;
        Extract sctp_chunk From sctp.chunk_type;
};

Gop sctpretrans On sctp_pdu Match (vtag, tsn) {
        Stop(sctp_chunk=6);
};

Done;


(I've already filtered the file down so there's only my association in 
there.)

MATE picks up the sctp_pdu's but not the Gops.  Any ideas why?  Any 
ideas for a better way to do it?  (I want to find the retransmissions 
and check the time between the transmissions.)

(I also tried not having any Start or Stop conditions to the Gop but the 
parser didn't like that thus the basically useless--for what I'm trying 
to do--Stop condition.  Really, my Start condition is that the PDU 
matched and my Stop condition is the end of the capture file.)