tcpdump analysis tools?
- I'd like to analyse TCP connections collected by tcpdump in terms of
how many simultaneous opens (few)
how many closed by RST from state X (lots)
how many closed first by server, how many by client
I think treating each connection as a list of consecutive states and
a segment sent/received to effect the transition, and listing the
statistics by each combination, will yield interesting results.
- it would show how applications use TCP
- it could highlight particular bugs.
Is there anything out there that does this, or should I start on something?
Ian Heavens, Spider Software Ltd.
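
One way to tally the statistics asked about above, as an added example that is not part of the original post. It assumes the text output of `tcpdump -n` for TCP over IPv4; `summarize`, `pkt` and the sample traffic are constructed for illustration, and a coarse per-connection phase stands in for the full TCP state.

```python
import re
from collections import Counter

# Assumed input: text output of `tcpdump -n` for TCP over IPv4.
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\]")

def summarize(lines):
    """Tally per-connection outcomes; the phase is a coarse stand-in for TCP state."""
    conns = {}  # endpoint pair -> record (a reused 4-tuple is merged: known limit)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        c = conns.setdefault(frozenset((src, dst)), {
            "client": src, "syn_from": set(), "phase": "HANDSHAKE",
            "first_fin": None, "reset": None})
        # Convention: the sender of the first segment seen is the "client".
        role = "client" if src == c["client"] else "server"
        if c["reset"]:
            continue              # ignore anything after the first RST
        if "R" in flags:
            c["reset"] = (c["phase"], role)
        elif "F" in flags:
            c["first_fin"] = c["first_fin"] or role
            c["phase"] = "CLOSING"
        elif "S" in flags:
            if "." not in flags:  # bare SYN without ACK
                c["syn_from"].add(src)
        elif "." in flags and c["phase"] == "HANDSHAKE":
            c["phase"] = "ESTABLISHED"
    stats = Counter()
    for c in conns.values():
        if len(c["syn_from"]) == 2:   # both ends sent a bare SYN
            stats["simultaneous open"] += 1
        if c["reset"]:
            stats["RST from %s by %s" % c["reset"]] += 1
        elif c["first_fin"]:
            stats["FIN first by " + c["first_fin"]] += 1
    return stats

def pkt(src, dst, flags):  # builds one constructed tcpdump-style line
    return "12:00:00.000000 IP %s > %s: Flags [%s], length 0" % (src, dst, flags)

A, B, C = "10.0.0.1.1025", "10.0.0.2.80", "10.0.0.1.1026"
D, E = "10.0.0.3.5000", "10.0.0.4.5000"
SAMPLE = (  # constructed traffic, not a real capture
    [pkt(A, B, "S"), pkt(B, A, "S."), pkt(A, B, "."), pkt(B, A, "F."), pkt(A, B, "F.")]
    + [pkt(C, B, "S"), pkt(B, C, "S."), pkt(C, B, "."), pkt(C, B, "R")]
    + [pkt(D, E, "S"), pkt(E, D, "S"), pkt(D, E, "S."), pkt(E, D, "S."), pkt(D, E, "F.")])
print(sorted(summarize(SAMPLE).items()))
```
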
- der Mouse <mouse@...> writes:
>I don't think there _is_ any "correctly". TCP does not have OOB. What
>it has is an urgent pointer. Some grad student who must have been
>either on drugs or on a minimal understanding of TCP thought it would
>be useful to take the byte the urgent pointer points to and treat it as
>a byte in an out-of-band channel.
I think the issue probably has more to do with interpreting what the urgent
pointer means. If I remember correctly, 793 was ambiguous (it said two
different things in two different places) and BSD picked the "wrong" one
(having just re-read it, I probably would have too). If you follow 1122, then
you disagree with BSD by one byte, which is a real pain. I don't know why the
authors of 1122 didn't just admit defeat and codify the BSD practice ;->.