Ethereal-dev: [Ethereal-dev] using MATE to detect SCTP retransmissions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Fri, 11 Nov 2005 11:14:30 -0500
I've got a huge capture file with lots of SCTP retransmissions. I'd like to have an easy way to find them and (since we don't have SCTP analysis similar to the TCP analysis yet) I started playing around with MATE.
From reading the docs I thought I could create a Gop of SCTP PDUs whose only matching criteria was the Vtag and TSN, something like: 

Pdu sctp_pdu Proto sctp Transport ip {
        //Extract addr From ip.addr;
        //Extract port From sctp.port;
        Extract vtag From sctp.verification_tag;
        Extract tsn From sctp.data_tsn;
        Extract sctp_chunk From sctp.chunk_type;
};

Gop sctpretrans On sctp_pdu Match (vtag, tsn) {
        Stop(sctp_chunk=6);
};

Done;
(I've already filtered the file down so there's only my association in there.)
MATE picks up the sctp_pdu's but not the Gops. Any ideas why? Any ideas for a better way to do it? (I want to find the retransmissions and check the time between the transmissions.)
(I also tried not having any Start or Stop conditions to the Gop but the parser didn't like that thus the basically useless--for what I'm trying to do--Stop condition. Really, my Start condition is that the PDU matched and my Stop condition is the end of the capture file.)