man tethereal

Feed the capture through tethereal and use the flags -R "not frame" -z conv,tcp

The -R flag stops tethereal from printing any packet summaries to stdout; the -z flag makes tethereal print a table of all TCP sessions to stdout after the entire capture file has been parsed. Feed this table through pipes, through suitable head, sort and sed magic, and convert it into whichever format you need.

On Wed, 25 Aug 2004 09:12:25 +0200, César Cárdenas wrote:
> Dear all:
> I apologize because I was not clear about my question...
> I use the following instruction for capturing packet info in a file:
>
> windump -n -i 2 tcp >tcptest.txt
>
> I am using Windows 2000.
>
> I want to determine the number of concurrent TCP connections during the
> capturing interval... I look at the SYN, FIN, FIN/PUSH and '.' flags field.
> To my understanding:
>
> 'S' + win (value) means the start of a TCP connection
> 'F' or 'FP' means the end of a TCP connection
>
> To determine the number of concurrent TCP connections I start with the first
> line... a counter starts at zero; if the flag is S+win I add one to the counter,
> else I subtract one from the counter... over time this should compute
> the number of concurrent TCP connections...
>
> In a one-hour capture file the cumulated number of concurrent TCP connections
> is negative (more than -1000)... is that normal?
>
> In addition, the number of concurrent TCP connections over time decreases
> linearly to more than -1000...
>
> Does anyone have a suggestion for computing the number of concurrent TCP
> connections?
>
> Many thanks for your help,
> César
>
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
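As an added example (not code from either poster), the script below reads windump/tcpdump summary lines of the kind the question describes and keeps per-connection state instead of a single counter: a connection is opened on a SYN that carries no ACK, closed when a FIN has been seen from both endpoints or when an RST arrives, and a retransmitted SYN is not counted twice. It also implements the questioner's one-counter rule (+1 for a bare SYN, -1 for everything else) so the two can be compared on the same input. The sample capture is constructed here, in the classic pre-4.0 tcpdump flag syntax ("S 1000:1000(0) win 65535") that a 2004 windump produced, with two lines in the modern "Flags [S.]" syntax to show the parser accepts both; the line format handled is an assumption, since the original post does not show any capture lines.

```python
import re

# Matches both classic ("S 1000:1000(0) ack 1 win 65535") and modern
# ("Flags [S.], seq 1, ack 1, win 65535") tcpdump/windump summary lines.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+(?:IP6?\s+)?'
    r'(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<rest>.*)$')
FLAGS_RE = re.compile(
    r'^(?:Flags \[(?P<new>[A-Z.]+)\]|(?P<old>[SFRPUWE.]+)(?=\s|$))')


def parse_line(line):
    """Return (ts, src, dst, flags, has_ack) or None for lines that are not TCP summaries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    fm = FLAGS_RE.match(rest)
    if not fm:
        return None
    if fm.group('new') is not None:        # modern syntax: '.' inside [] means ACK
        raw = fm.group('new')
        has_ack = '.' in raw
    else:                                   # classic syntax: ACK appears as "ack N"
        raw = fm.group('old')
        has_ack = re.search(r'\back\b', rest) is not None
    flags = set(raw) - {'.'}                # '.' alone means no SYN/FIN/RST/PSH
    return m.group('ts'), m.group('src'), m.group('dst'), flags, has_ack


def concurrent_series(lines):
    """Stateful count. Returns [(ts, open_connections)] after every open/close event."""
    fins = {}      # normalised endpoint pair -> set of endpoints that have sent FIN
    series = []
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        ts, src, dst, flags, has_ack = pkt
        key = (src, dst) if src < dst else (dst, src)   # same key for both directions
        if 'R' in flags:
            if key in fins:                              # RST tears the connection down at once
                del fins[key]
                series.append((ts, len(fins)))
        elif 'S' in flags and not has_ack:
            if key not in fins:                          # a retransmitted SYN is not a new connection
                fins[key] = set()
                series.append((ts, len(fins)))
        elif 'F' in flags and key in fins:
            fins[key].add(src)                           # each side sends its own FIN
            if len(fins[key]) == 2:                      # closed only once both directions have
                del fins[key]
                series.append((ts, len(fins)))
    return series


def naive_counter(lines):
    """The single-counter rule from the question: +1 on a bare SYN, -1 on every other packet."""
    count = 0
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        _, _, _, flags, has_ack = pkt
        count += 1 if ('S' in flags and not has_ack) else -1
    return count


# Constructed sample capture: two overlapping connections, a half-open SYN
# that is retransmitted, and one connection in modern tcpdump syntax.
SAMPLE_CAPTURE = [
    "09:12:25.000001 10.0.0.1.1025 > 10.0.0.2.80: S 1000:1000(0) win 65535 <mss 1460>",
    "09:12:25.000200 10.0.0.2.80 > 10.0.0.1.1025: S 5000:5000(0) ack 1001 win 5840",
    "09:12:25.000300 10.0.0.1.1025 > 10.0.0.2.80: . ack 1 win 65535",
    "09:12:26.000000 10.0.0.1.1026 > 10.0.0.3.80: S 2000:2000(0) win 65535 <mss 1460>",
    "09:12:26.000100 10.0.0.3.80 > 10.0.0.1.1026: S 7000:7000(0) ack 2001 win 5840",
    "09:12:26.000200 10.0.0.1.1026 > 10.0.0.3.80: . ack 1 win 65535",
    "09:12:27.000000 10.0.0.1.1025 > 10.0.0.2.80: P 1:60(59) ack 1 win 65535",
    "09:12:27.000500 10.0.0.2.80 > 10.0.0.1.1025: FP 1:300(299) ack 60 win 5840",
    "09:12:27.000600 10.0.0.1.1025 > 10.0.0.2.80: F 60:60(0) ack 301 win 65535",
    "09:12:27.000700 10.0.0.2.80 > 10.0.0.1.1025: . ack 61 win 5840",
    "09:12:28.000000 10.0.0.3.80 > 10.0.0.1.1026: R 7001:7001(0) win 0",
    "09:12:29.000000 10.0.0.1.1027 > 10.0.0.4.80: S 3000:3000(0) win 65535 <mss 1460>",
    "09:12:32.000000 10.0.0.1.1027 > 10.0.0.4.80: S 3000:3000(0) win 65535 <mss 1460>",
    "09:12:33.000000 IP 10.0.0.1.1028 > 10.0.0.5.443: Flags [S], seq 4000, win 65535, options [mss 1460], length 0",
    "09:12:33.100000 IP 10.0.0.5.443 > 10.0.0.1.1028: Flags [R.], seq 0, ack 4001, win 0, length 0",
]

if __name__ == "__main__":
    for ts, n in concurrent_series(SAMPLE_CAPTURE):
        print(ts, n)
    print("peak concurrent:", max(n for _, n in concurrent_series(SAMPLE_CAPTURE)))
    print("single-counter result:", naive_counter(SAMPLE_CAPTURE))
```

On the sample, the stateful count never exceeds 2 and ends at 1 (the half-open SYN to 10.0.0.4.80 is still outstanding), while the single counter ends at -5: every ACK, data and FIN packet decrements it, and each connection produces far more of those than it does SYNs, which is exactly why a one-hour capture drifts to a large negative value. To run it on a real file, read the lines from the windump output instead of SAMPLE_CAPTURE; the windump -n flag matters, because the parser expects numeric addresses and ports in the endpoint fields.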