
tcpdump analysis tools?

  • Ian Heavens
    Message 1 of 107 , Feb 4, 1997
      I'd like to analyse TCP connections collected by tcpdump in terms of
      state transitions:

      how many simultaneous opens (few)
      how many closed by RST from state X (lots)
      how many closed first by server, how many by client

      I think treating each connection as a list of consecutive states and
      a segment sent/received to effect the transition, and listing the
      statistics by each combination, will yield interesting results.

      - it would show how applications use TCP
      - it could highlight particular bugs.

      Is there anything out there that does this, or should I start on something?

      ian

      Ian Heavens, Spider Software Ltd.
      ian@...
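
An added example, not part of the original post or thread: one way to tally the statistics the message above asks for from tcpdump text output. It assumes modern `tcpdump -n` IPv4 line format; the sample capture, the function name `analyse` and the coarse wire-observed state names are constructed for illustration and are not the per-endpoint RFC 793 states.

```python
import re
from collections import Counter, defaultdict

# Constructed tcpdump -n lines (not from the thread): three connections.
SAMPLE = """\
IP 10.0.0.1.1025 > 10.0.0.2.80: Flags [S], seq 1, length 0
IP 10.0.0.2.80 > 10.0.0.1.1025: Flags [S.], seq 9, ack 2, length 0
IP 10.0.0.1.1025 > 10.0.0.2.80: Flags [.], ack 10, length 0
IP 10.0.0.2.80 > 10.0.0.1.1025: Flags [F.], seq 10, ack 2, length 0
IP 10.0.0.1.1025 > 10.0.0.2.80: Flags [F.], seq 2, ack 11, length 0
IP 10.0.0.2.80 > 10.0.0.1.1025: Flags [.], ack 3, length 0
IP 10.0.0.1.1026 > 10.0.0.2.80: Flags [S], seq 1, length 0
IP 10.0.0.2.80 > 10.0.0.1.1026: Flags [S.], seq 9, ack 2, length 0
IP 10.0.0.1.1026 > 10.0.0.2.80: Flags [R], seq 2, length 0
IP 10.0.0.3.5000 > 10.0.0.4.5000: Flags [S], seq 1, length 0
IP 10.0.0.4.5000 > 10.0.0.3.5000: Flags [S], seq 7, length 0
"""

LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([A-Z.]+)\]")

def analyse(text):
    conns = defaultdict(list)  # unordered endpoint pair -> [(sender, flags)]
    for m in LINE.finditer(text):
        src, dst, flags = m.groups()
        conns[frozenset((src, dst))].append((src, flags))
    stats = Counter()
    for segs in conns.values():
        client, state = segs[0][0], "NEW"  # client = first sender seen
        syn_from, fin_from = set(), set()
        for src, flags in segs:
            if "R" in flags:  # record the state the RST arrived in
                stats["rst_from_" + state] += 1
                break
            if "S" in flags:
                if "." not in flags:  # bare SYN, no ACK
                    syn_from.add(src)
                state = "SYN_RCVD" if "." in flags or len(syn_from) == 2 else "SYN_SENT"
            elif "F" in flags:
                if not fin_from:  # first FIN decides who closed first
                    who = "client" if src == client else "server"
                    stats["first_close_by_" + who] += 1
                fin_from.add(src)
                state = "CLOSED" if len(fin_from) == 2 else "FIN_WAIT"
            elif state == "SYN_RCVD":  # plain ACK completes the handshake
                state = "ESTABLISHED"
        if len(syn_from) == 2:  # bare SYNs seen from both endpoints
            stats["simultaneous_open"] += 1
    return stats
```
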
    • Steve Alexander
      Message 107 of 107 , Feb 19, 1997
        der Mouse <mouse@...> writes:
        >I don't think there _is_ any "correctly". TCP does not have OOB. What
        >it has is an urgent pointer. Some grad student who must have been
        >either on drugs or on a minimal understanding of TCP thought it would
        >be useful to take the byte the urgent pointer points to and treat it as
        >a byte in an out-of-band channel.

        I think the issue probably has more to do with interpreting what the urgent
        pointer means. If I remember correctly, 793 was ambiguous (it said two
        different things in two different places) and BSD picked the "wrong" one
        (having just re-read it, I probably would have too). If you follow 1122, then
        you disagree with BSD by one byte, which is a real pain. I don't know why the
        authors of 1122 didn't just admit defeat and codify the BSD practice ;->.

        -- Steve