Re: tcptrace-bugs Problems to analyze captured files.

From: Manikantan Ramadas (mramadas@cs.ohiou.edu)
Date: 04/17/03


    Date: Thu, 17 Apr 2003 22:08:20 -0400
    From: Manikantan Ramadas <mramadas@cs.ohiou.edu>
    Subject: Re: tcptrace-bugs Problems to analyze captured files.
    Message-ID: <20030418020820.GA24059@irg.cs.ohiou.edu>
    
    
    

    Hi Thomas,

      I guess the header you have given me is the link layer header, right? This
    header structure is new to me (Why does the header of each packet have the
    total# of packets in a field?)

      Could you please give us a sample dumpfile containing this traffic, so I
    can see in parallel how ethereal understands it, to figure out what can
    be done for tcptrace?

    Thanks!
    Mani.

    On Thu, Apr 17, 2003 at 03:13:23PM +0200, Thomas Bohnert wrote:
    > Hi Mani,
    >
    > of course, here is the information.
    >
    > /* the fixed header of each packet */
    > struct packethdr_t {
    >     int number;   // packet number (starts with 1)
    >     int size;     // size of this packet (in bytes)
    >     int interval; // packet interval (in ms)
    >     int total;    // total # of packets
    > };
    >
    > all data behind the header is random.
    >
    > thanks for your help,
    > Thomas
    >
    >
    > On Thursday 17 April 2003 14:47, you wrote:
    > > Hi Thomas,
    > >
    > > It seems to me that tcptrace does not understand the packet format in the
    > > traffic you collect. Could you please give us a sample dumpfile with this
    > > packet format?
    > >
    > > - Mani.
    > >
    > > On Thu, Apr 17, 2003 at 01:34:17PM +0200, Thomas Bohnert wrote:
    > > > Hi,
    > > >
    > > > We do some investigations in mobile IPv6 and fast handovers. The goal is
    > > > to find out the packet loss and the impact for the tcp/ip stack. To
    > > > analyze the traffic I chose tcptrace as recommended in RFCxxx.
    > > > In this way, I captured some random traffic over a wlan link with
    > > > tcpdump. This traffic is generated by a small self-written generator.
    > > > Ethereal is able to open the produced file and to decode all headers
    > > > including tcp. The payload of the packets is shown as TCP short frame of
    > > > course; the generator uses a proprietary protocol.
    > > > The problem now is that I can't decode the packets with tcptrace. After
    > > > opening the trace the following message is printed:
    > > >
    > > > [bothom@mira capture_11.36]# tcptrace 11.36.cap
    > > > 1 arg remaining, starting with '11.36.cap'
    > > > Ostermann's tcptrace -- version 6.4.0 -- Thu Apr 3, 2003
    > > >
    > > > 1009 packets seen, 0 TCP packets traced
    > > > elapsed wallclock time: 0:00:00.007539, 133837 pkts/sec analyzed
    > > > trace file elapsed time: 0:00:21.643035
    > > > no traced TCP packets
    > > >
    > > > The files are captured as follows:
    > > > tcpdump -q -i any -w 11.36.cap
    > > >
    > > >
    > > > thanks for your help;
    > > >
    > > > Thomas Bohnert

    -- 
     "A man is but a product of his thoughts; what he thinks, that he becomes."
        	       	      		       		      - Mahatma Gandhi
     ____________________________________________________________________________
      
     * Manikantan Ramadas * IRG, Ohio Univ. * http://irg.cs.ohiou.edu/~mramadas *
     ____________________________________________________________________________
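
Added example, not part of the original thread and not tcptrace code: when a reader reports packets seen but none traced as TCP, a first check is the link-layer type stored in the pcap file header, since on Linux `tcpdump -i any` records Linux cooked capture (type 113) rather than Ethernet (type 1). The sketch below reads that field and counts TCP packets behind either header. The function names and the sample capture are constructed for illustration, and only the classic pcap format (not pcapng) is assumed.

```python
import struct

# Size of the fixed link header that precedes the IP packet, per pcap link type.
LINK_HDR_LEN = {1: 14, 113: 16}          # 1 = Ethernet, 113 = Linux cooked (SLL)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # usec / nsec, little-endian
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # usec / nsec, big-endian

def inspect_pcap(data):
    """Return (linktype, packets, tcp); tcp is None when the link type is not handled."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    linktype = struct.unpack(order + "I", data[20:24])[0] & 0xFFFF
    hdr_len = LINK_HDR_LEN.get(linktype)
    off, packets, tcp = 24, 0, 0
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        caplen = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        packets += 1
        if hdr_len is None or len(pkt) < hdr_len + 20:
            continue
        # Ethernet and SLL both end their header with a 2-byte EtherType.
        ethertype = struct.unpack("!H", pkt[hdr_len - 2:hdr_len])[0]
        ip = pkt[hdr_len:]
        if ethertype == 0x0800 and ip[9] == 6:      # IPv4, protocol field = TCP
            tcp += 1
        elif ethertype == 0x86DD and ip[6] == 6:    # IPv6, next header = TCP
            tcp += 1                                # (extension headers are not walked)
    return linktype, packets, (tcp if hdr_len is not None else None)

def sample_pcap(linktype):
    """Constructed capture: one IPv6/TCP packet behind a link header of the given type."""
    ipv6 = bytes([0x60, 0, 0, 0]) + struct.pack("!HBB", 20, 6, 64) + bytes(32) + bytes(20)
    if linktype == 113:   # SLL: packet type, ARPHRD, address length, 8-byte address, protocol
        link = struct.pack("!HHH8sH", 0, 1, 6, bytes(8), 0x86DD)
    else:                 # Ethernet layout: dst MAC, src MAC, EtherType
        link = bytes(12) + struct.pack("!H", 0x86DD)
    pkt = link + ipv6
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return file_hdr + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt

if __name__ == "__main__":
    for lt in (1, 113, 105):   # 105 (802.11) is not handled here and yields tcp=None
        print(inspect_pcap(sample_pcap(lt)))
```

A result with `tcp` set to `None` means the capture uses a link type this sketch does not parse, which is the case to rule out before looking at the payload format.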
     
    
    



    This archive was generated by hypermail 2b30 : 04/18/03 EDT