Ethereal-users: [Ethereal-users] total byte count difference for t/ethereal / NAI sniffer / tcpd
Hi Guys,
Need advice as I don't know what to conclude.
Scenario
I went to a customer site and did some packet captures using NAI sniffer. I
will use the logon-app.trc as an example. I basically captured packets while
a user logged on to a remote application. The aim being how much traffic is
generated while logging on to determine how much bandwidth is used.
1) I used tethereal/ethereal (same as the summary window, I presume) to view
the logon-app.trc file (output below, and please correct me if I have
misunderstood any part in my descriptions)
frame frames:303 bytes:29884(Total payload+headers)
tr frames:303 bytes:29884
llc frames:303 bytes:29884
ip frames:303 bytes:29884
tcp frames:303 bytes:29884
data frames:214 bytes:24366 (total payload bytes)
2) Using NAI sniffer I got 31096 bytes in total when you click on the
statistics tab on NAI sniffer.
3) Using tcpdump
12:38:40.760392 snap ip <src ip>.3459 > <dst ip>.ica: P [tcp sum ok]
98260575:98260602(27) ack 3072908457 win 8458 (DF) (ttl 32, id 2330, len 67)
My understanding is
(27) - is the payload in bytes
len 67 - is total bytes payload+headers (I think this only adds the tcp and
ip headers)
I then used a script using a combination of awk and sed to format and grab
the columns with the total byte lengths for each frame, e.g. (len 67), for both
src and dst, e.g.
tcpdump -r logon-app-trc.cap src -vvv | script
and then added them all together and it gave me
23218 bytes in total
23218 bytes
Now, judging by what I want done, which is to determine the amount of
bandwidth consumed on logon, which of these is giving me a true picture
that I can use in my bandwidth calculation?
Any help or advice will be greatly appreciated on the best approach. And
please correct me anywhere I might have misunderstood anything.
Regards,
Seun
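
Added example, not part of the original post: a Python sketch of the "sum the len fields" step described above, plus a check of whether the gap between two tools' totals is a constant number of bytes per frame. The sample lines are constructed in the layout of the tcpdump line quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the tcpdump -vvv line quoted in the post.
# Addresses are documentation placeholders; the first record is wrapped the way
# the mail client wrapped it, and the second is a pure ACK with no payload field.
SAMPLE = """\
12:38:40.760392 snap ip 192.0.2.10.3459 > 192.0.2.20.ica: P [tcp sum ok]
98260575:98260602(27) ack 3072908457 win 8458 (DF) (ttl 32, id 2330, len 67)
12:38:40.790101 snap ip 192.0.2.20.ica > 192.0.2.10.3459: . [tcp sum ok] ack 98260602 win 8760 (DF) (ttl 128, id 511, len 40)
12:38:40.801777 snap ip 192.0.2.20.ica > 192.0.2.10.3459: P [tcp sum ok] 3072908457:3072908557(100) ack 98260602 win 8760 (DF) (ttl 128, id 512, len 140)
"""

RECORD = re.compile(r"(?m)^(?=\d{2}:\d{2}:\d{2}\.\d+ )")  # a timestamp starts each packet
IP_LEN = re.compile(r"\blen (\d+)\)")                     # IP total length (IP + TCP headers + payload)
PAYLOAD = re.compile(r"\d+:\d+\((\d+)\)")                 # first:last(nbytes) TCP payload

def summarize(text):
    """Return (frames, ip_bytes, payload_bytes) for tcpdump -v style output."""
    frames = ip_bytes = payload = 0
    for rec in RECORD.split(text):
        rec = " ".join(rec.split())        # undo line wrapping inside a record
        ip = IP_LEN.search(rec)
        if not ip:
            continue                       # not a packet line
        frames += 1
        ip_bytes += int(ip.group(1))
        data = PAYLOAD.search(rec)
        payload += int(data.group(1)) if data else 0
    return frames, ip_bytes, payload

def per_frame_gap(total_a, total_b, frames):
    """Bytes per frame separating two tools' totals, or None if the gap is not constant."""
    diff = total_a - total_b
    return diff // frames if diff % frames == 0 else None

if __name__ == "__main__":
    print(summarize(SAMPLE))                  # totals for the constructed sample
    # Totals quoted in the post, assuming all three tools counted the same 303 frames.
    print(per_frame_gap(29884, 23218, 303))   # ethereal vs. summed tcpdump "len"
    print(per_frame_gap(31096, 29884, 303))   # NAI sniffer vs. ethereal
```

With the post's figures the gaps come out at exactly 22 and 4 bytes per frame. That is consistent with a Token Ring header plus LLC/SNAP (14 + 8 bytes) and a 4-byte frame check sequence respectively, which is an inference from the arithmetic and not something stated in the post.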