Re: tcptrace Tcptrace version 6.6.1 and ns2 format files

From: Manikantan Ramadas (mramadas@masaka.cs.ohiou.edu)
Date: 10/21/04

• Next message: Xavier Dubois: "tcptrace splitted trace file (incomplete connections) and cwin calculation"
• Previous message: Xavier Dubois: "tcptrace and ns2 (split a connection in 2)"
• In reply to: Bert Baesjou: "tcptrace Tcptrace version 6.6.1 and ns2 format files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 21 Oct 2004 00:27:14 -0400
From: Manikantan Ramadas <mramadas@masaka.cs.ohiou.edu>
Subject: Re: tcptrace Tcptrace version 6.6.1 and ns2 format files
Message-ID: <20041021042714.GA9286@masaka.cs.ohiou.edu>

Hello!

  This seems to me like a bug-report that we received recently, which
was ultimately found to be a problem with tcpdump/libpcap.
As I recall, this was because of the fact that libpcap closed
the file-descriptor associated with the input dumpfile when it didn't
find its own file format in it. One of our maintainers sent out a
patch recently to tcpdump. So, this problem would probably go away if you
got the latest (CVS) version of tcpdump/libpcap installed on your
system or if you patched tcptrace so that tcpdump appears as the last
file format in file_formats.h (according to the patch found here :
http://tcptrace.org/archive/0380.html)

- Mani.

On Tue, Oct 19, 2004 at 03:29:25AM +0000, Bert Baesjou wrote:
> Hello,
> As I understood this is the tcptrace mailing list. Therefore my mail here.
>
> My problem is that I'm having a file outputted by ns2 which I want to read in
> tcptrace version 6.6.1 , which should, according to the documentation, be no
> problem.
>
> My file "out.tr" looks like:
> + 0 0 49 tcp 40 ------- 0 0.0 51.0 0 0 0 0x0 0 0
> - 0 0 49 tcp 40 ------- 0 0.0 51.0 0 0 0 0x0 0 0
> + 0 1 49 tcp 40 ------- 0 1.0 52.0 0 1 0 0x0 0 0
> - 0 1 49 tcp 40 ------- 0 1.0 52.0 0 1 0 0x0 0 0
> + 0 2 49 tcp 40 ------- 0 2.0 53.0 0 2 0 0x0 0 0
> - 0 2 49 tcp 40 ------- 0 2.0 53.0 0 2 0 0x0 0 0
> + 0 3 49 tcp 40 ------- 0 3.0 54.0 0 3 0 0x0 0 0
> - 0 3 49 tcp 40 ------- 0 3.0 54.0 0 3 0 0x0 0 0
> ......
>
> But when:
> bash-2.05b$ tcptrace -d out.tr
> 1 arg remaining, starting with 'out.tr'
> Ostermann's tcptrace -- version 6.6.1 -- Wed Nov 19, 2003
>
> Running file 'out.tr'
> WhichFormat: failed to find compression format for file 'out.tr'
> Checking for file format 'tcpdump' (tcpdump -- Public domain program from LBL)
> File format is NOT 'tcpdump'
> Checking for file format 'snoop' (Sun Snoop -- Distributed with Solaris)
> File format is NOT 'snoop'
> Checking for file format 'etherpeek' (etherpeek -- Mac sniffer program)
> File format is NOT 'etherpeek'
> Checking for file format 'netmetrix' (Net Metrix -- Commercial program from
> HP)
> File format is NOT 'netmetrix'
> Checking for file format 'ns' (ns -- network simulator from LBL)
> File format is NOT 'ns'
> Checking for file format 'netscout' (NetScout Manager format)
> File format is NOT 'netscout'
> Checking for file format 'erf' (Endace Extensible Record Format)
> ERF format
> File format is 'erf' (Endace Extensible Record Format)
> Trace file size: 43034551 bytes
> 0 packets seen, 0 TCP packets traced
> elapsed wallclock time: 0:00:00.000643, 0 pkts/sec analyzed
> trace file elapsed time: 0:00:00.000000
>         first packet:          <the epoch>
>         last packet:           <the epoch>
> no traced TCP packets
>
>
> I've looked into the ns.c  and I didn't see the problem (my knowledge of C is
> not that big). Maybe I'm doing something wrong?
> I tried to put in some fprintf(stdout,"I'm here"); lines into the ns.c to see
> wherther the function that has to check wherther a file is of the ns format
> ( "pread_f *is_ns(char *filename)" I believe ), but it seems if this function
> is never called (no lines are printed to my terminal)???
>
> Tnx in advance,
>  Bert Baesjou
>
> ----------------------------------------------------------------------------
> To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
> majordomo@tcptrace.org.

-- 
"'Beauty is truth, truth beauty,'--that is all
  Ye know on earth, and all ye need to know." - John Keats
____________________________________________________________________
  
* Manikantan Ramadas * IRG, OU * http://irg.cs.ohiou.edu/~mramadas *
____________________________________________________________________

----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.

• application/pgp-signature attachment: stored

• Next message: Xavier Dubois: "tcptrace splitted trace file (incomplete connections) and cwin calculation"
• Previous message: Xavier Dubois: "tcptrace and ns2 (split a connection in 2)"
• In reply to: Bert Baesjou: "tcptrace Tcptrace version 6.6.1 and ns2 format files"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : 10/21/04 EDT