Re: tcptrace and huge files ? (a few GB)

From: Olivier M. (qmail@orion.8304.ch)
Date: 10/22/02


    Message-ID: <20021023003459.B2105@orion.8304.ch>
    Date: Wed, 23 Oct 2002 00:34:59 +0200
    From: "Olivier M." <qmail@orion.8304.ch>
    Subject: Re: tcptrace and huge files ? (a few GB)
    
    

    Hi Jose, and thanks for your feedback!

    On Tue, Oct 22, 2002 at 07:52:25PM +0200, Jose Manuel Cano Garcia wrote:
    > tcptrace has memory problems when processing large files. I think the best
    > solution is to prefilter the trace with tcpdump.

    good point, yes.

    > I had a similar problem with large traces (300 MB) and I did the following
    > things: [...]

    thanks for the hints & scripts! will try some things tomorrow.

    > PS: I am interested in traffic measurements. Do you have your traces
    > available?

    It's currently running: trying a simple perl script parsing the output
    of zcat /home/dump/dump.gz | tcpdump -n -r - 'tcp[13] & 2 == 2'

    sample results (after 30min of parsing):

        (size) (hits)
    win 30660 272223
    win 16384 219065
    win 8192 194269
    win 5840 192003
    win 32120 165749
    win 64240 81980
    win 8760 81329
    ...
    win 61008 1
    win 65040 1
    win 7796 1
    win 44688 1
    win 54760 1
    total: 1600016

    mss 1460 1215763
    mss 1400 125214
    mss 536 77546
    mss 1380 68539
    mss 1368 27567
    mss 1452 19306
    mss 512 15714
    ...
    mss 1008 2
    mss 1316 2
    mss 1334 2
    mss 65496 1
    mss 1350 1
    mss 4312 1
    total: 1599913

    wscale 0 358282
    wscale 1 5538
    wscale 2 2367
    wscale 3 602
    wscale 6 202
    wscale 5 111
    wscale 4 34
    total: 367136

    DF: 1543436 set 56580 not set
    sackOK: 980903 set 619113 not set
    timestamp: 260465 set 1339551 not set
    wscale: 367136 set 1232880 not set

    if you see information that is missing, please tell me, it's
    important for our diploma thesis :)
     (cf. http://www.swiss-internet-analysis.org )

    currently trying to find a way to find out the:
    - Remaining TTL
    - ECN enabled?
    parameters. Seems tcpdump has no ECN support yet ? (found
    some patches...)

    Regards,
    Olivier

    -- 
    _________________________________________________________________
     Olivier Mueller - om@8304.ch - PGPkeyID: 0E84D2EA - Switzerland
    qmail projects: http://omail.omnis.ch  -  http://webmail.omnis.ch
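
An added example, not part of the original message or its perl script: the per-SYN fields tallied above (win, mss, wscale, DF, sackOK, timestamp) read straight from the header bytes, together with the remaining TTL (IP header byte 8) and the ECN-setup flags (ECE and CWR in TCP byte 13, per RFC 3168). It assumes raw IPv4 packets with the link-layer header already stripped; `parse_syn`, `tally`, `build` and the sample packets are hypothetical and constructed for illustration.

```python
import struct
from collections import Counter

def parse_syn(pkt):
    """Handshake parameters of an IPv4 TCP SYN/SYN-ACK, or None for anything else."""
    if len(pkt) < 20 or not 0x45 <= pkt[0] <= 0x4F or pkt[9] != 6:
        return None                                   # not IPv4 (IHL >= 5) carrying TCP
    frag, ttl = struct.unpack_from("!HB", pkt, 6)     # flags + fragment offset, then TTL
    tcp = pkt[(pkt[0] & 0x0F) * 4:]
    if frag & 0x1FFF or len(tcp) < 20 or not tcp[13] & 0x02:
        return None                                   # later fragment, truncated, or no SYN bit
    info = {"ttl": ttl, "DF": bool(frag & 0x4000),
            "win": struct.unpack_from("!H", tcp, 14)[0],
            "mss": None, "wscale": None, "sackOK": False, "timestamp": False,
            # RFC 3168 ECN-setup SYN: SYN + ECE + CWR set, ACK clear
            "ecn_syn": (tcp[13] & 0xD2) == 0xC2}
    opts, i = tcp[20:(tcp[12] >> 4) * 4], 0
    while i < len(opts) and opts[i] != 0:             # kind 0 ends the option list
        if opts[i] == 1:                              # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                     # malformed length: stop, never loop or overrun
        kind, length = opts[i], opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            info["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            info["wscale"] = body[0]
        elif kind in (4, 8):
            info["sackOK" if kind == 4 else "timestamp"] = True
        i += length
    return info

def tally(packets):                                   # Counter of (field, value) pairs
    return Counter(kv for p in packets if (info := parse_syn(p)) for kv in info.items())

def build(ttl, frag, flags, win, opts=b""):           # constructed test packet, checksums zero
    opts += b"\x00" * (-len(opts) % 4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (5 + len(opts) // 4) << 4, flags, win, 0, 0)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(opts), 0, frag, ttl, 6, 0,
                       bytes(4), bytes(4)) + tcp + opts

SAMPLES = [  # constructed packets, not taken from the trace discussed in the message
    build(52, 0x4000, 0x02, 5840, bytes.fromhex("020405b40402080a000000010000000001030300")),
    build(113, 0x4000, 0xC2, 16384, bytes.fromhex("020405b401010402")),   # ECN-setup SYN
    build(240, 0, 0x12, 8192, bytes.fromhex("02040218")),                 # SYN-ACK, DF clear
    build(64, 0x4000, 0x10, 1000)]                                        # plain ACK, skipped
```

The equivalent capture-side test for ECN-setup SYNs is `tcp[13] & 0xc2 == 0xc2`, in the same style as the filter used in the message.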