I took a tcpdump to capture all my application connections to the database server. I can filter the tcpdump data and extract the sessions that are relevant by using standard tcpdump filters.
How can I find the duration of a TCP session without manually checking packets and calculating the elapsed time?
Solution
There are many tools that can read and understand a tcpdump file. One of them is tcptrace. An example of how to use it to find the duration is shown below.

root@db1:~# tcptrace -n -l -o1 google.pcap
1 arg remaining, starting with 'google.pcap'
Ostermann's tcptrace -- version 6.6.7 -- Thu Nov 4, 2004

12 packets seen, 12 TCP packets traced
elapsed wallclock time: 0:00:00.001738, 6904 pkts/sec analyzed
trace file elapsed time: 0:00:07.092266
TCP connection info:
1 TCP connection traced:
TCP connection 1:
    host a:        2a00:1a48:7805:0111:8cfc:cf10:ff08:0a2f:55939
    host b:        2a00:1450:400c:0c05::0063:80
    complete conn: yes
    first packet:  Wed Oct 24 22:49:59.166611 2012
    last packet:   Wed Oct 24 22:50:06.258878 2012
    elapsed time:  0:00:07.092266
    total packets: 12
    filename:      google.pcap
   a->b:                          b->a:
     total packets:      6          total packets:      6
     ack pkts sent:      5          ack pkts sent:      6
...
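When a capture holds many sessions, the same report can be reduced to one line per connection. The script below is an added example, not part of the original post: the function names tcp_durations and sample_report are hypothetical, and the second connection in the sample is constructed. A "complete conn" value other than yes means the elapsed time covers only the part of the session that was captured.

```shell
#!/bin/sh
# Added example: reduce `tcptrace -n -l` output to one line per connection:
#   host_a host_b complete_flag duration_seconds   (longest session first)
tcp_durations() {
    LC_ALL=C awk '
    $1 == "TCP" && $2 == "connection" { a = b = cc = "" }  # new block starts
    $1 == "host" && $2 == "a:"        { a = $3 }
    $1 == "host" && $2 == "b:"        { b = $3 }
    $1 == "complete" && $2 == "conn:" { cc = $3 }          # first word only
    # Match only the per-connection line, not "trace file elapsed time:".
    $1 == "elapsed" && $2 == "time:" && a != "" {
        split($3, t, ":")                                  # h:mm:ss.uuuuuu
        printf "%s %s %s %.6f\n", a, b, cc, t[1]*3600 + t[2]*60 + t[3]
        a = ""
    }' | LC_ALL=C sort -k4,4nr
}

# Constructed sample: connection 1 is the report shown on the page,
# connection 2 is invented (documentation addresses, no FIN captured).
sample_report() {
    cat <<'EOF'
trace file elapsed time: 0:02:10.000000
TCP connection info:
2 TCP connections traced:
TCP connection 1:
    host a:        2a00:1a48:7805:0111:8cfc:cf10:ff08:0a2f:55939
    host b:        2a00:1450:400c:0c05::0063:80
    complete conn: yes
    elapsed time:  0:00:07.092266
================================
TCP connection 2:
    host a:        192.0.2.10:40112
    host b:        192.0.2.20:5432
    complete conn: no  (SYNs: 2)  (FINs: 0)
    elapsed time:  0:02:05.500000
EOF
}

# Real use (-n: no name lookups, -l: long per-connection report):
#   tcptrace -n -l capture.pcap | tcp_durations
```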