Ethereal time based display filter

  1. #1
    Member
    Join Date
    Sep 2002
    Posts
    47

    Ethereal time based display filter

    Hey,
    I am new to Ethereal, and while playing around with it I was trying to create a time-based display filter for a specific stream of data, and I was unable to determine how to do so. I googled it and looked at Ethereal's documentation, and I was unable to find the answer. The capture is of a TCP transmission, and what I am curious to know is the rate of the data transfer.

    Thanks in advance!!!
    "Hardware: the parts of a computer that can be kicked."
    -Jeff Pesis

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Are you talking about the time sequence graphs found under stream analysis?

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Member
    Join Date
    Sep 2002
    Posts
    47
    The situation was that I had a packet capture that I had used for troubleshooting an issue. The next day the question came up: "Hey, what kind of transfer rates are we getting over this connection?" I said, "Hey, I have a capture, let me check," and when I did, using Statistics --> Summary, the transmission speed that was displayed was inaccurate. That is because Ethereal was determining the rate of data transfer by analyzing the amount of data transferred from the first packet to the last packet. However, there was a period of significant down time between transfers that was skewing the results.
    So what I wanted to do was to create a display filter so that I could get a measure of transmission speed during a set amount of time within the capture. However, I was unable to figure out how, and it has really bugged me because the data was there; it was just a matter of filtering it out.
    I may have been going about this in an inefficient manner; if so, let me know a better technique by which the speed of transmission could be determined using Ethereal. Also let me know if more clarification is needed.

    Thanks!!!
    "Hardware: the parts of a computer that can be kicked."
    -Jeff Pesis

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    Using the expressions feature, you need to weed out the bad data. If you can't find something unique to filter with, you can always remove the bad packets from the capture and simply use what's left.

    The second solution is time consuming but it will work. The first is preferable.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
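
The problem discussed in this thread (an idle period between transfers dragging down the first-to-last-packet average) can also be worked out offline from packet timestamps and sizes. The following is an added example, not part of the original posts: it assumes the packets have been exported as (relative time in seconds, frame length in bytes) pairs, and the function names, the 1-second idle threshold and the SAMPLE data are all constructed for illustration.

```python
# Added example: throughput inside a chosen time window, and throughput
# counting only "active" time, from (relative_time_s, frame_len_bytes) pairs.

# Constructed sample: two 1-second bursts of 1500-byte frames, 59 s apart.
SAMPLE = ([(i * 0.25, 1500) for i in range(5)] +
          [(60 + i * 0.25, 1500) for i in range(5)])


def rate_bps(packets, start=None, end=None):
    """Bits per second over the first-to-last span of packets in [start, end].

    With no window this mirrors a whole-capture average, idle time included.
    """
    sel = sorted((t, n) for t, n in packets
                 if (start is None or t >= start) and (end is None or t <= end))
    if len(sel) < 2:
        return 0.0
    span = sel[-1][0] - sel[0][0]
    return sum(n for _, n in sel) * 8 / span if span > 0 else 0.0


def bursts(packets, idle_gap=1.0):
    """Group time-ordered packets; a gap longer than idle_gap starts a new burst."""
    groups = []
    for pkt in sorted(packets):
        if groups and pkt[0] - groups[-1][-1][0] <= idle_gap:
            groups[-1].append(pkt)
        else:
            groups.append([pkt])
    return groups


def active_rate_bps(packets, idle_gap=1.0):
    """Bits per second counting only the time spent inside bursts."""
    groups = bursts(packets, idle_gap)
    active = sum(g[-1][0] - g[0][0] for g in groups)
    total = sum(n for g in groups for _, n in g)
    return total * 8 / active if active > 0 else 0.0


if __name__ == "__main__":
    print("whole capture :", round(rate_bps(SAMPLE)), "bit/s")
    print("window 0-1 s  :", round(rate_bps(SAMPLE, 0, 1)), "bit/s")
    print("active time   :", round(active_rate_bps(SAMPLE)), "bit/s")
    for g in bursts(SAMPLE):
        print("burst", g[0][0], "to", g[-1][0], "s,", len(g), "packets")
```

On the constructed sample the whole-capture figure is roughly 30 times lower than the rate inside either burst, which is the skew described in post #3.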
