From: Manikantan Ramadas (mramadas@masaka.cs.ohiou.edu)
Date: 07/19/04
Date: Mon, 19 Jul 2004 15:46:29 -0400 From: Manikantan Ramadas <mramadas@masaka.cs.ohiou.edu> Subject: Re: tcptrace-bugs Number of packets seen by tcptrace Message-ID: <20040719194629.GB26926@irg.cs.ohiou.edu>
Oh, thats because tcptrace returns a count of only IP packets (IPv4
and IPv6) while tcpdump counts the rest too (like ARP traffic,
ethernet broadcasts by switches, broadcasts by wireless base-stations,
etc.).
- Mani.
On Mon, Jul 19, 2004 at 12:14:00PM -0700, suseela sarasamma wrote:
> Hi,
>
> I am using tcptrace with the -u option to get TCP as well as UDP records in raw tcpdump.
>
> The actual number of packets in two raw tcpdump files are as follows:
>
> file 1 : 7778
> file 2: 7803
>
> Tcptrace reports the number of packets seen as follows:
> file 1: 7583
> file 2: 7604
>
> Why is this difference?
>
> thanks
> suseela
>
>
>
>
>
> ---------------------------------
> Do you Yahoo!?
> Vote for the stars of Yahoo!'s next ad campaign!
-- "'Beauty is truth, truth beauty,'--that is all Ye know on earth, and all ye need to know." - John Keats ____________________________________________________________________ * Manikantan Ramadas * IRG, OU * http://irg.cs.ohiou.edu/~mramadas * ____________________________________________________________________
This archive was generated by hypermail 2.1.7 : 07/20/04 EDT