
Ethereal - unique tcp.sequence

  • 22-03-2005 10:15am
    #1
    Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭


    hi,
    does anyone know how to view only unique tcp sequence numbers in ethereal?
    i've got double recording of packets - due to stp being used on 2 switches - and it's making the captures very confusing.

    anyone got suggestions how to view only unique packets?

    Thanks,
    :s/MiCr0/David


Comments

  • Closed Accounts Posts: 244 ✭✭osmethod


    Check the tcp protocol settings under

    Edit->Preferences->Protocols->TCP

    Check the tcp filter expressions under

    Filter->Expression->tcp

    You should be able to fine tune it to your requirements....

    osmethod


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    checked both already - nope - but thanks


  • Closed Accounts Posts: 244 ✭✭osmethod


    Is there a real necessity for stp...? Are your switches in a loop?

    osmethod


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    it's not my call, there are redundant nics, load balancers and switches


  • Closed Accounts Posts: 244 ✭✭osmethod


    Can't answer you directly as I tend to never use stp.....

    Some things I'd try...

    Disable all protocols initially... enable the bare minimum that you require for capture.

    Consider over-riding ethereal's choice of decoding the packets - you can force decodes of your choice at the link, network and transport layers.

    Consider looking at the absolute tcp sequence rather than relative.

    Have you checked the ethereal faq? I've picked up a bit from here:
    http://groups.google.ie/groups?hl=en&lr=&group=mailing.unix.ethereal-dev

    osmethod


  • Registered Users, Registered Users 2 Posts: 6,265 ✭✭✭MiCr0


    this is my current filter
    not tcp.analysis.retransmission and (h225.setup and ip.dst == 10.0.8.82) or (h225.h323_message_body == 5 and ip.src == 10.0.8.82) or (h245.response == 5 and ip.dst == 10.0.8.82) or (h245.command == 5 and ip.dst == 10.0.8.82) or h225.RasMessage == 15 or h225.RasMessage == 16 or h225.RasMessage == 6 or h225.RasMessage == 7


  • Closed Accounts Posts: 244 ✭✭osmethod


    I'll be playing with ethereal over the weekend and I'll test your filter then...

    Just a quick thought...
    First - Have you tried disabling all protocols except DEC_STP?
    Second - There will be different mac addresses from each of the switches; write them down
    Third - Use the dec_stp.root.mac contains mac_addr for 1 of the switches' mac addresses only

    Then start implementing the TCP protocol...

    osmethod
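
An added example, not part of any post in this thread: one way to drop doubled captures offline by keying each TCP packet on its absolute sequence number together with the IP ID, so that genuine retransmissions survive. All function names, the window size and the sample capture are constructed for illustration, and the IP ID behaviour is an assumption noted in the code.

```python
import struct
from collections import deque

def tcp_key(pkt):
    """Identity of an Ethernet/IPv4/TCP frame; the Ethernet header is ignored."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return None  # not IPv4/TCP: never treated as a duplicate
    ihl = (pkt[14] & 0x0F) * 4
    if len(pkt) < 14 + ihl + 14:
        return None  # truncated TCP header
    total_len, ip_id = struct.unpack_from("!HH", pkt, 16)
    sport, dport, seq, ack, off, flags = struct.unpack_from("!HHIIBB", pkt, 14 + ihl)
    # Assumption: a retransmission gets a new IP ID; a doubled capture keeps it.
    return (pkt[26:34], ip_id, sport, dport, seq, ack, flags,
            total_len - ihl - (off >> 4) * 4)

def pcap_records(data):
    """Yield raw frames from a classic little-endian pcap byte string."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24
    while pos + 16 <= len(data):
        incl_len, = struct.unpack_from("<I", data, pos + 8)
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def unique_packets(frames, window=8):
    """Drop frames whose key matches one of the last `window` TCP frames."""
    recent, out = deque(maxlen=window), []
    for pkt in frames:
        key = tcp_key(pkt)
        if key is None or key not in recent:
            out.append(pkt)
        if key is not None:
            recent.append(key)
    return out

def frame(ip_id, seq, payload=b"data"):
    """Constructed sample frame: 10.0.8.81:40000 -> 10.0.8.82:1720, PSH+ACK."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), ip_id, 0, 64, 6, 0,
                     bytes([10, 0, 8, 81]), bytes([10, 0, 8, 82]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 1720, seq, 1, 0x50, 0x18, 8192, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp + payload

def sample_pcap():
    """Constructed capture: two packets each recorded twice, then a retransmission."""
    frames = [frame(1, 1000), frame(1, 1000), frame(2, 1004), frame(2, 1004), frame(3, 1004)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
```

On the constructed capture, `unique_packets(pcap_records(sample_pcap()))` keeps three of the five frames: one copy of each doubled packet, plus the retransmission of sequence 1004 that carries a different IP ID.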

