[c-nsp] OT: Sniffing TCP connection quality

Scott Keoseyan scott at labyrinth.org
Tue Aug 4 19:02:35 EDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Both Netscout and Fluke make products that do this.  Plus, you can buy  
probes to insert into your links directly (as opposed to span-port) if  
you want to do some sniffing on something other than an Ethernet  
switch.  Be ready to fork out some money though.


On Aug 4, 2009, at 5:56 PM, Peter Rathlev wrote:

> Hi,
>
> Since TCP works the way it does a passive observer is able to see  
> packet
> loss by looking for e.g. duplicate ACKs. For some time I've had a
> dumpcap process picking out traffic to/from specific destinations and
> running it through tshark to get the wireshark "Expert Info" output.
> This turns out to be very interesting data.
>
> The problem is that I'd like to do some further data mining to see if
> certain sources/destinations are more troubled than others. For this  
> I'd
> have to isolate each flow and analyse them one by one. Even though  
> this
> would be possible (and not too hard) with a few scripts, I'd like to
> know if there might exist some tool/appliance that does this: Looks at
> traffic (e.g. from a SPAN port) and collects statistics about the  
> flows
> including analysis of packet loss et cetera. The important part is  
> that
> it looks at the seperate flows.
>
> I've been looking at tstat (http://tstat.tlc.polito.it/index.shtml)  
> and
> this looks very promising, but it doesn't seem to be able to analyze  
> the
> different flows seperately.
>
> Anybody know of such tool/appliance? Preferably either appliance or
> something that runs on Linux, but commercial solutions as well as open
> source.
>
> Regards,
> Peter
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

- --
Scott Keoseyan
scott at labyrinth.org
Homepage - http://www.labyrinth.org/homepages/scott
Blog - http://www.labyrinth.org/wp1
PGP Key - http://www.labyrinth.org/homepages/scott/pgp.html





-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)

iEYEARECAAYFAkp4vgsACgkQA7TpMPAlvEfsBACgmcU0DwdGiSPkYePbIsW8nHNj
TFEAn0A8GojMMhXPTkxkmMf3MhAMwj9i
=IRYG
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list