Ethereal-users: [Ethereal-users] Re: TCP UDP packet delay (Emiliano Mancini)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Daniel Cohn" <daniel.cohn@xxxxxxxxxxxx>
Date: Wed, 1 Mar 2006 16:49:21 -0500
Emiliano,

For TCP, you can see round trip time (sum of delay in both directions)
graphically by going to the Statistics/TCP Stream Graph/Round Trip Time
Graph menu. It will show the delay in axis Y vs. packet number in axis X.

It is impossible to measure delay with a Sniffer capture in UDP traffic as
there are no acknowledgments from the receiving side. It is also impossible
to measure one-way delay with a Sniffer capture. The only way to do it is by
using a dedicated hardware such as SmartBits that will capture traffic in
both sides and measure delay.

Ciao,

Daniel

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of
ethereal-users-request@xxxxxxxxxxxx
Sent: Tuesday, February 28, 2006 1:00 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Ethereal-users Digest, Vol 34, Issue 36

Send Ethereal-users mailing list submissions to
	ethereal-users@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	http://www.ethereal.com/mailman/listinfo/ethereal-users
or, via email, send a message with subject or body 'help' to
	ethereal-users-request@xxxxxxxxxxxx

You can reach the person managing the list at
	ethereal-users-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Ethereal-users digest..."


Reply-To: Ethereal user support &lt;ethereal-users@xxxxxxxxxxxx&gt;

Today's Topics:

   1. packets duplicated, why? (Michael Mendoza)
   2. Show all stremas,	only show me values for one streams
      (Michael Mendoza)
   3. About how to generate packets RTP and rtpplay (Michael Mendoza)
   4. Re: Show all stremas,	only show me values for one streams
      (Lars Ruoff)
   5. RE: About how to generate packets RTP and rtpplay
      (Jacques, Olivier (OCBU-Test Infra))
   6. analyzing captured RANAP data (Ariel Burbaickij)
   7. TCP UDP packet delay (Emiliano Mancini)
   8. Re: analyzing captured RANAP data (Andreas Fink)
   9. Bugs (Donald Woeltje)
  10. Re: About how to generate packets RTP and rtpplay
      (Michael Mendoza)
  11. Re: Bugs (Breen Mullins)
  12. Re: Bugs (Sake Blok)
  13. Can not see vlan tag information with Ethereal (Peter Wong)
  14. Re: Can not see vlan tag information with Ethereal (Sake Blok)


----------------------------------------------------------------------

Message: 1
Date: Mon, 27 Feb 2006 14:11:51 -0400
From: "Michael Mendoza" <michaelux@xxxxxxxxx>
Subject: [Ethereal-users] packets duplicated, why?
To: ethereal-users@xxxxxxxxxxxx
Message-ID: <d6d9f47b0602271011w10bf51d9t@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

HI, I have a problem with ethereal , when I am sniffing my network i
see every packet twice, but when I turn off the option of "Capture
packet in promiscuous mode" then the packets don4t are duplicated,
why?

Because when I sniffing VoIP with SIP and RTP, the analize show me
every packet twice...and that is no good for what I4m doing...

Thanks and I4m sorry by my english because i dont know how to write
english well...


------------------------------

Message: 2
Date: Mon, 27 Feb 2006 14:24:31 -0400
From: "Michael Mendoza" <michaelux@xxxxxxxxx>
Subject: [Ethereal-users] Show all stremas,	only show me values for
	one streams
To: ethereal-users@xxxxxxxxxxxx
Message-ID: <d6d9f47b0602271024r226d2f4fh@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hi, I dont know how to write so much english but i will try.


I4m using ethereal for analyze of VoIP with sip or h323 with RTP, but
when I make a call and capture packet and then I go to Statistic-->
RTP--> Show All Streams I can  see the 2 streams, from A -> B and B ->
A, BUT one of the 2 streams have Max jitter = 0, Min jitter = 0, Maz
Delta =0, why? what i have to do in ethereal to fix it?

If I select a streams and then click on Analize i see everey packet
are Ok, but if i select the reversed  direction i don4t see anything,
but if i select the other streamsn and click on Analize I can see the
analyze but if click on reversed direction and don4t see anything...


That is a problem for what I want to do, i need to see the statistics
for both streams...

And other point, if saw in a analisis there were 2 packet loss of
43000, but ethereal show me  packet loss = 2 (30%)  , why 30 % if only
was 2 packet?

Is there any manual , which tell me how to interpret all this values?

Thanks..


------------------------------

Message: 3
Date: Mon, 27 Feb 2006 14:30:56 -0400
From: "Michael Mendoza" <michaelux@xxxxxxxxx>
Subject: [Ethereal-users] About how to generate packets RTP and
	rtpplay
To: ethereal-users@xxxxxxxxxxxx
Message-ID: <d6d9f47b0602271030o552592f8r@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hi, I am using ethereal to analyze traffic RTP and SIp on WLAN, bbut i
only have 2 laptop with WI-FI and dont have 30 laptop to generate 15
calls, then I want to simulate many call on the WLAN, i found out a
tools called rtpplay but there is few doc about this, i want to konw
is there are people who have been used that to explain me o give a
example... I want to generate packet with rtplay or rtpsend if this
were and normal call...

Or are there other tools to generate traffic rtp free because i have
been found out and almost all aren4t free or only generate traffic SIP
but not RTP...


Thanks...


------------------------------

Message: 4
Date: Tue, 28 Feb 2006 09:05:44 +0100
From: "Lars Ruoff" <Lars.Ruoff@xxxxxxxxxx>
Subject: Re: [Ethereal-users] Show all stremas,	only show me values
	for one streams
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <001901c63c3d$c6d29940$8182849b@xxxxxxxxxxxxxxxxxx>
Content-Type: text/plain;	charset="iso-8859-1"

Can you send us the capture file showing this?

Lars

----- Original Message ----- 
From: "Michael Mendoza" <michaelux@xxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Sent: Monday, February 27, 2006 7:24 PM
Subject: [Ethereal-users] Show all stremas,only show me values for one
streams


Hi, I dont know how to write so much english but i will try.


I4m using ethereal for analyze of VoIP with sip or h323 with RTP, but
when I make a call and capture packet and then I go to Statistic-->
RTP--> Show All Streams I can  see the 2 streams, from A -> B and B ->
A, BUT one of the 2 streams have Max jitter = 0, Min jitter = 0, Maz
Delta =0, why? what i have to do in ethereal to fix it?

If I select a streams and then click on Analize i see everey packet
are Ok, but if i select the reversed  direction i don4t see anything,
but if i select the other streamsn and click on Analize I can see the
analyze but if click on reversed direction and don4t see anything...


That is a problem for what I want to do, i need to see the statistics
for both streams...

And other point, if saw in a analisis there were 2 packet loss of
43000, but ethereal show me  packet loss = 2 (30%)  , why 30 % if only
was 2 packet?

Is there any manual , which tell me how to interpret all this values?

Thanks..
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users



------------------------------

Message: 5
Date: Tue, 28 Feb 2006 09:37:43 +0100
From: "Jacques, Olivier (OCBU-Test Infra)" <olivier.jacques@xxxxxx>
Subject: RE: [Ethereal-users] About how to generate packets RTP and
	rtpplay
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Message-ID:
	<1AB048BB58C35849AD36CDE65F16C11002804D9E@xxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain;	charset="iso-8859-1"

> Hi, I am using ethereal to analyze traffic RTP and SIp on 
> WLAN, bbut i only have 2 laptop with WI-FI and dont have 30 
> laptop to generate 15 calls, then I want to simulate many 
> call on the WLAN, i found out a tools called rtpplay but 
> there is few doc about this, i want to konw is there are 
> people who have been used that to explain me o give a 
> example... I want to generate packet with rtplay or rtpsend 
> if this were and normal call...
> 
> Or are there other tools to generate traffic rtp free because 
> i have been found out and almost all aren4t free or only 
> generate traffic SIP but not RTP...

I would recommend SIPp: http://sipp.sourceforge.net/ (not only because I'm
deeply involved in it :) )

It allows to generate both SIP and RTP load (since 1.1rc4).

Olivier.


------------------------------

Message: 6
Date: Tue, 28 Feb 2006 10:55:58 +0100
From: "Ariel Burbaickij" <ariel.burbaickij@xxxxxxxxx>
Subject: [Ethereal-users] analyzing captured RANAP data
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Message-ID:
	<3058f9b40602280155w3aab329o1c073192a8ae807a@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Hello,
following setup:
We have some captured RANAP data, they were captured and presented by some
proprietary analyzer over the common stack (i.e. AAL-5,
SCCOP,MTP3b,SCCP, RANAP). It is possible to store the data in plain
text format.
I have seen in the mailing list archive that someone has experimented
with text2pcap +
some heavy modifications of the protocols below RANAP, so that it looks like
RANAP on top of SIGTRAN but as I understood, ethereal crashed and
the versions of MTP3 was set to Chinese etc.
So, questions: Were some generalization work done that would alow to put
the SIGTRAN protocols below the text version of  captured protocols
like RANAP how ever one needs them? Could someone share his experiences
about using text2pcap for purposes like described above?

/wbr
Ariel Burbaickij


------------------------------

Message: 7
Date: Tue, 28 Feb 2006 11:00:27 +0100
From: "Emiliano Mancini" <mancini.emiliano@xxxxxxxxx>
Subject: [Ethereal-users] TCP UDP packet delay
To: ethereal-users@xxxxxxxxxxxx
Message-ID:
	<53d9b7e80602280200o422000d2kf27d69cdcb5adf29@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hi,
I'm Emiliano from Eome.
Can Ethereal calculate the packet delay (latency)parameter for TCP and UDP
stream? y
Thank you and best regards,
Emiliano
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/attachments/20060228/d88b1dda/attachment.html

------------------------------

Message: 8
Date: Tue, 28 Feb 2006 12:23:00 +0100
From: Andreas Fink <andreas@xxxxxxxx>
Subject: Re: [Ethereal-users] analyzing captured RANAP data
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Message-ID: <DF3723A3-1AAE-463D-AEDF-EE4FF16BE459@xxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

SIGTRAN is well understood in ethereal. The best thing to do is to  
take your MTP3 frames and build pseudo ethernet/SCTP/M2PA frames  
around your captured MTP3 packets and omit the weird lower layers. I  
guess this needs some small programms or clever scripts.

On 28.02.2006, at 10:55, Ariel Burbaickij wrote:

> Hello,
> following setup:
> We have some captured RANAP data, they were captured and presented  
> by some
> proprietary analyzer over the common stack (i.e. AAL-5,
> SCCOP,MTP3b,SCCP, RANAP). It is possible to store the data in plain
> text format.
> I have seen in the mailing list archive that someone has experimented
> with text2pcap +
> some heavy modifications of the protocols below RANAP, so that it  
> looks like
> RANAP on top of SIGTRAN but as I understood, ethereal crashed and
> the versions of MTP3 was set to Chinese etc.
> So, questions: Were some generalization work done that would alow  
> to put
> the SIGTRAN protocols below the text version of  captured protocols
> like RANAP how ever one needs them? Could someone share his  
> experiences
> about using text2pcap for purposes like described above?
>
> /wbr
> Ariel Burbaickij
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>


Andreas Fink
Fink Consulting GmbH

---------------------------------------------------------------
Tel: +41-61-6666332 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
E-Mail:  afink@xxxxxxxxxxxxxxxxxx
Homepage: http://www.finkconsulting.com
---------------------------------------------------------------

ICQ: 101946485 MSN: msn1@xxxxxx AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333
PGP9: 0714 DF2B A189 A760 6201  5CBD D040 3E71 4DAF 68BB




------------------------------

Message: 9
Date: Mon, 27 Feb 2006 16:52:58 -0500
From: "Donald Woeltje" <DWoeltje@xxxxxxxxxxxxxxxxxxx>
Subject: [Ethereal-users] Bugs
To: <ethereal-users@xxxxxxxxxxxx>
Message-ID: <s4032e72.082@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII

In the Windows version of the 0.10.14 release, the capture filter
doesn't function. I set it, leave the dialog box, come back into the
dialog box, and it's unset. I set it again, I do a save, I close the
dialog box, I come back in, and it's unset again. I set it again, I save
it, I even leave the dialog box open, and then I do a capture. IT
CAPTURES EVERYTHING!!!!!!!!!! The capture filter DOES NOT WORK.
 
Then I thought, well....maybe it's not sophisticated enough to filter
during the capture (by setting the filter in advance). Maybe it can only
filter out the unwanted captured packets, from the display. So I ran a
capture and then tried to filter the captured packets after the fact.
Nope. That doesn't work, either, so that must not be it.
 
The product isn't much good without a working capture filter.


------------------------------

Message: 10
Date: Tue, 28 Feb 2006 10:33:33 -0400
From: "Michael Mendoza" <michaelux@xxxxxxxxx>
Subject: Re: [Ethereal-users] About how to generate packets RTP and
	rtpplay
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <d6d9f47b0602280633w4578fa55o@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Oh thanks, I founf this before, but in widows it didn4t work and I
used this in linux and only can simulate traffic SIP, but  no RTP, to
generate traffic RTP need I and file wiht the payload? , Need I a
application  in the other host listening on the destination port?  Do
you have any example?

Thanks..

2006/2/28, Jacques, Olivier (OCBU-Test Infra) <olivier.jacques@xxxxxx>:
> > Hi, I am using ethereal to analyze traffic RTP and SIp on
> > WLAN, bbut i only have 2 laptop with WI-FI and dont have 30
> > laptop to generate 15 calls, then I want to simulate many
> > call on the WLAN, i found out a tools called rtpplay but
> > there is few doc about this, i want to konw is there are
> > people who have been used that to explain me o give a
> > example... I want to generate packet with rtplay or rtpsend
> > if this were and normal call...
> >
> > Or are there other tools to generate traffic rtp free because
> > i have been found out and almost all aren4t free or only
> > generate traffic SIP but not RTP...
>
> I would recommend SIPp: http://sipp.sourceforge.net/ (not only because I'm
deeply involved in it :) )
>
> It allows to generate both SIP and RTP load (since 1.1rc4).
>
> Olivier.
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>


------------------------------

Message: 11
Date: Tue, 28 Feb 2006 07:45:21 -0800
From: Breen Mullins <bmullins@xxxxxxxxxx>
Subject: Re: [Ethereal-users] Bugs
To: ethereal-users@xxxxxxxxxxxx
Message-ID: <1141141521.28550.1.camel@xxxxxxxxxxxxxxxx>
Content-Type: text/plain

On Mon, 2006-02-27 at 16:52 -0500, Donald Woeltje wrote:
> In the Windows version of the 0.10.14 release, the capture filter
> doesn't function. I set it, leave the dialog box, come back into the
> dialog box, and it's unset. I set it again, I do a save, I close the
> dialog box, I come back in, and it's unset again. I set it again, I save
> it, I even leave the dialog box open, and then I do a capture. IT
> CAPTURES EVERYTHING!!!!!!!!!! The capture filter DOES NOT WORK.
>  

Ethereal is a mature product and well tested. Capture filters work
perfectly well, but the correct syntax isn't always obvious. 

What are you trying to accomplish?

Breen
-- 
Breen Mullins                      408-435-8401x123       
SQA Engineer                       0xde05499b          
Asante Technologies, Inc.          




------------------------------

Message: 12
Date: Tue, 28 Feb 2006 16:55:26 +0100
From: Sake Blok <sake@xxxxxxxxxx>
Subject: Re: [Ethereal-users] Bugs
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Message-ID: <20060228155526.GA48095@netcc.local>
Content-Type: text/plain; charset=us-ascii

On Mon, Feb 27, 2006 at 04:52:58PM -0500, Donald Woeltje wrote:
> In the Windows version of the 0.10.14 release, the capture filter
> doesn't function. I set it, leave the dialog box, come back into the
> dialog box, and it's unset. I set it again, I do a save, I close the
> dialog box, I come back in, and it's unset again. I set it again, I save
> it, I even leave the dialog box open, and then I do a capture. IT
> CAPTURES EVERYTHING!!!!!!!!!! The capture filter DOES NOT WORK.

With the "Capture Filters" dialogue, you are able to pre-define
capture filters and give them a name. You will have to *select* a
defined capture-filter (or build one ad-hoc) in the "Capture options"
dialogue box, just click on the "Capture filter" button or define
one yourself in the text-area next to it.


> Then I thought, well....maybe it's not sophisticated enough to filter
> during the capture (by setting the filter in advance). Maybe it can only
> filter out the unwanted captured packets, from the display. So I ran a
> capture and then tried to filter the captured packets after the fact.
> Nope. That doesn't work, either, so that must not be it.

If you want to apply a filter *after* capturing, you will need
to use a display filter, not a capture filter.


> The product isn't much good without a working capture filter.

That's why ethereal is so great, it has good capture filters and
it's display-filters are unbeaten by any other product IMHO.

I hope this helps, otherwise there is always the friendly manual
(available on www.ethereal.com)


Good luck,   Sake


------------------------------

Message: 13
Date: Tue, 28 Feb 2006 10:59:27 -0500
From: "Peter Wong" <pewong@xxxxxxxxxx>
Subject: [Ethereal-users] Can not see vlan tag information with
	Ethereal
To: <ethereal-users@xxxxxxxxxxxx>
Message-ID:
	<DF422BE08784F143A529AC15771641AB3D07F9@xxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"



>  -----Original Message-----
> From: 	Peter Wong  
> Sent:	Tuesday, February 28, 2006 10:49 AM
> To:	'ethereal-users@xxxxxxxxxxxx'
> Subject:	Can not see vlan tag information with Ethereal
> 
> Hi everyone,
> 
> I tried to captured the vlan tag information sent from an IP phone which
connected to the same hub with my PC running Ethereal. I set up the capture
filter with the ip.addr==ip of the ip phone. Ethereal can capture everything
else from the IP Phone except vlan tag information. The NIC that I used on
the PC is 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX
Compactible). Is there anything that I missed in set up of the Ethereal? Or
do you have any idea where the problem is?
> 
> Many thanks in advance,
> Peter Wong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/attachments/20060228/415886d2/attachment.html

------------------------------

Message: 14
Date: Tue, 28 Feb 2006 17:49:30 +0100
From: Sake Blok <sake@xxxxxxxxxx>
Subject: Re: [Ethereal-users] Can not see vlan tag information with
	Ethereal
To: Ethereal user support <ethereal-users@xxxxxxxxxxxx>
Message-ID: <20060228164930.GA48593@netcc.local>
Content-Type: text/plain; charset=us-ascii

On Tue, Feb 28, 2006 at 10:59:27AM -0500, Peter Wong wrote:
> > 
> > I tried to captured the vlan tag information sent from an IP phone which
connected to the same hub with my PC running Ethereal. I set up the capture
filter with the ip.addr==ip of the ip phone. Ethereal can capture everything
else from the IP Phone except vlan tag information. The NIC that I used on
the PC is 3Com 3C918 Integrated Fast Ethernet Controller (3C905B-TX
Compactible). Is there anything that I missed in set up of the Ethereal? Or
do you have any idea where the problem is?
> > 

Basically, this is a driver problem, it strips the 802.1Q tags 
from the frame before passing it to higher protocols.

Please have a look at http://wiki.ethereal.com/CaptureSetup/VLAN
This helped me in getting the 802.1Q tags to be shown in ethereal.
(My laptop has broadcom hardware, but I believe there is also info
for 3com hardware on that page.)


Cheers,   Sake


------------------------------

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users


End of Ethereal-users Digest, Vol 34, Issue 36
**********************************************

 
 
This mail passed through mail.alvarion.com
 
****************************************************************************
********
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
****************************************************************************
********

 
This mail passed through mail.alvarion.com
 
****************************************************************************
********
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
****************************************************************************
********

 
This mail passed through mail.alvarion.com
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************