Friday, January 22, 2021

Intermediate To Advanced Packet Capture Analysis

I have a couple of situations where I need to analyze some packet captures but I don't know how.

1

I want to measure baseline network performance by capturing all SYN and SYN+ACK packets on a host for 60 seconds, showing me the round trip time. But I want to capture, or display filter, only the SYN/SYN+ACK packets where the monitoring device sent the SYN packet and received the SYN+ACK back. Meaning, the monitoring device is in normal daily use, it is receiving a lot of SYNs and sending back the SYN+ACKs, but I don't want to see those since they don't tell me anything about round trip time. I can't figure out how to do that.

2

I have packet captures of hundreds/thousands of short SSL sessions where maybe 50KB of data is transferred. How can I get a summary of the length of each of the TCP sessions? We're seeing some sessions complete quickly as they should since it's only 50KB of data, but we see other sessions that last 5-10 seconds. I'd like a simple listing of the length of each session to see if there is some kind of pattern like a particular time of day when the delays occur. I've been using Wireshark to look at each session manually but like I said there are hundreds/thousands.

Thanks for any advice! I'm guessing Python might need to be involved, which I'm willing to learn for these purposes.
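An added example, not part of the original post, in plain Python (no third-party modules) showing the matching logic both questions need: pair each SYN sent by the monitoring host with the SYN+ACK that answers it (reversed 4-tuple) to get the handshake RTT, while ignoring inbound SYNs, and report first-to-last-packet duration per TCP session. The monitoring address 10.0.0.5 and the packet list are constructed sample data; in real use the list would be filled from the capture.

```python
# Added example (not from the original post). Packets are (timestamp, src_ip, sport,
# dst_ip, dport, tcp_flags); fill PACKETS from the capture, e.g. via scapy or tshark -T fields.
MONITOR_IP = "10.0.0.5"                       # assumed address of the monitoring host
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

# Constructed sample: two outbound handshakes (one session closes with FIN after
# 2.5 s, one is reset after 7.4 s) and one inbound handshake that must be ignored.
PACKETS = [
    (1.000, "10.0.0.5", 40000, "93.184.216.34", 443, SYN),
    (1.025, "93.184.216.34", 443, "10.0.0.5", 40000, SYN | ACK),
    (1.026, "10.0.0.5", 40000, "93.184.216.34", 443, ACK),
    (2.000, "192.168.1.9", 51000, "10.0.0.5", 22, SYN),          # inbound SYN
    (2.001, "10.0.0.5", 22, "192.168.1.9", 51000, SYN | ACK),    # our SYN+ACK: not an RTT sample
    (3.500, "10.0.0.5", 40000, "93.184.216.34", 443, FIN | ACK),
    (3.520, "93.184.216.34", 443, "10.0.0.5", 40000, FIN | ACK),
    (5.000, "10.0.0.5", 40001, "203.0.113.7", 443, SYN),
    (5.180, "203.0.113.7", 443, "10.0.0.5", 40001, SYN | ACK),
    (12.400, "203.0.113.7", 443, "10.0.0.5", 40001, RST),
]

def handshake_rtts(packets, monitor_ip=MONITOR_IP):
    """RTT in seconds for each SYN *sent by* monitor_ip that got a SYN+ACK back.
    Inbound SYNs (where the monitor replies with SYN+ACK) are skipped; this is
    Wireshark's tcp.flags.syn==1 && tcp.flags.ack==0 && ip.src==<monitor_ip>."""
    pending, rtts = {}, {}                     # 4-tuple -> SYN time / -> RTT
    for ts, src, sport, dst, dport, flags in packets:
        if (flags & SYN) and not (flags & ACK) and src == monitor_ip:
            pending[(src, sport, dst, dport)] = ts
        elif (flags & (SYN | ACK)) == (SYN | ACK) and dst == monitor_ip:
            key = (dst, dport, src, sport)     # reverse the 4-tuple
            if key in pending:                 # SYN+ACK for a SYN we sent
                rtts[key] = round(ts - pending.pop(key), 6)
    return rtts

def session_durations(packets):
    """Seconds from first to last packet of each session, keyed by the 4-tuple
    as seen from the side that sent the SYN (so both directions are merged)."""
    first, last = {}, {}
    for ts, src, sport, dst, dport, _flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = rev if rev in first else fwd     # reuse the client-side key
        first.setdefault(key, ts)
        last[key] = ts
    return {k: round(last[k] - first[k], 3) for k in first}

if __name__ == "__main__":
    for key, rtt in handshake_rtts(PACKETS).items():
        print(f"RTT {rtt * 1000:.1f} ms to {key[2]}:{key[3]}")
    for key, dur in sorted(session_durations(PACKETS).items(), key=lambda kv: -kv[1]):
        print(f"{dur:7.3f} s  {key[0]}:{key[1]} -> {key[2]}:{key[3]}")
```

With tshark alone, the same numbers come from `tshark -r cap.pcap -Y 'tcp.flags.syn==1 && tcp.flags.ack==1 && ip.dst==10.0.0.5' -T fields -e ip.src -e tcp.analysis.ack_rtt` for the handshake RTTs and `tshark -r cap.pcap -q -z conv,tcp` for per-conversation durations.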
