Message-ID: <02d601c160fb$2c351a60$f23315ac@OSUGASYSWKS>
From: "Daikichi Osuga" <osuga@mml.yrp.nttdocomo.co.jp>
Subject: Re: Questions - HTTP module and ATM interface
Date: Tue, 30 Oct 2001 13:27:23 +0900

Answer for question 1:
All of the packet content (not only the IP/TCP header)
is required to analyze HTTP 1.1.
Use the [-s snaplen] option of tcpdump.

--
Daikichi Osuga

----- Original Message -----
From: "Choi Dong Joon" <djchoi@cafe.etri.re.kr>
To: <tcptrace@tcptrace.org>
Sent: Tuesday, October 30, 2001 9:40 AM
Subject: Questions - HTTP module and ATM interface

>
> Hi.
>
> I have two questions about tcptrace.
>
> 1. I use the current version of tcpdump from www.tcpdump.org.
> When I tcpdump the connection of HTTP 1.1 with the pipeline option
> (tcpdump -i eth0 -w test.dmp), the result of tcptrace (tcptrace -xHTTP test.dmp)
> is strange. The tested web page has 7 images.
> But there is one image retrieval information
> and strange time information. The result is as follows:
>
> ------------
> mod_http: Capturing HTTP traffic (port 80)
> 1 arg remaining, starting with 'pipe.dmp'
> Ostermann's tcptrace -- version 5.2.VERSION_BUGFIX -- Wed Sep 15, 1999
>
> 94 packets seen, 94 TCP packets traced
> elapsed wallclock time: 0:00:00.008746, 10747 pkts/sec analyzed
> trace file elapsed time: 0:00:04.370090
> TCP connection info:
> 1: pc-4.etri.re.kr:32903 - 210.123.254.131:80 (a2b) 37> 57< (complete)
> Http module output:
> pc-4.etri.re.kr:32903 ==> 210.123.254.131:80 (a2b)
> Server Syn Time: Mon Oct 29 22:06:42.167035 2001 (1004360802.167)
> Client Syn Time: Mon Oct 29 22:06:41.626657 2001 (1004360801.627)
> Server Fin Time: Mon Oct 29 22:06:45.996642 2001 (1004360805.997)
> Client Fin Time: Mon Oct 29 22:06:45.456174 2001 (1004360805.456)
> WARNING!!!! Information may be invalid, 74429 bytes were not captured
> Request for '/eng/main.htm HTTP/1.1'
> Content Length: 0
> Time GET sent: Mon Oct 29 22:06:42.170840 2001 (1004360802.171)
> Time Answer started: <the epoch> (0.000)
> Time Answer ACKed: <the epoch> (0.000)
> Elapsed time: 0 ms (GET to first byte sent)
> Elapsed time: 0 ms (GET to content ACKed)
> Request for '/eng/images/mh01.gif HTTP/'
> Content Length: 0
> Time GET sent: Mon Oct 29 22:06:42.748302 2001 (1004360802.748)
> Time Answer started: <the epoch> (0.000)
> Time Answer ACKed: <the epoch> (0.000)
> Elapsed time: 0 ms (GET to first byte sent)
> Elapsed time: 0 ms (GET to content ACKed)
> ----------------------
>
> How do I use the HTTP module of tcptrace when I have captured packets of HTTP?
>
> 2. tcptrace could not interpret the tcpdump file of an ATM network interface?
> How do I interpret the tcpdump files of an ATM interface?
> I remember that I succeeded at it last year. I could not remember the exact tcpdump
> version.
>
> Thank you.
>
> ----------------------------------------------------------------------------
> To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
> majordomo@tcptrace.org.
>
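
The "bytes were not captured" warning in the quoted tcptrace output is what the reply's snaplen advice addresses. The following is an added example, not part of the original thread and not tcptrace code: it reads a classic pcap file image and counts packets whose captured length is shorter than their length on the wire. The function names, the sample capture and its snaplen of 68 are constructed for illustration.

```python
import struct

# Classic pcap magic numbers (microsecond timestamps) mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def truncation_report(data):
    """Return (snaplen, packets, truncated_packets, missing_bytes) for a pcap image."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header layout: magic, version, thiszone, sigfigs, snaplen, linktype.
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    offset, packets, truncated, missing = 24, 0, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original wire length.
        _sec, _usec, caplen, wirelen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        packets += 1
        if caplen < wirelen:
            # Payload beyond caplen was dropped at capture time.
            truncated += 1
            missing += wirelen - caplen
        offset += 16 + caplen
    return snaplen, packets, truncated, missing


def build_sample(snaplen, wire_lengths):
    """Constructed sample: a little-endian pcap whose packets are cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n in wire_lengths:
        caplen = min(n, snaplen)
        out += struct.pack("<IIII", 1004360802, 0, caplen, n) + bytes(caplen)
    return out


if __name__ == "__main__":
    # Constructed wire lengths: one small packet, two full frames, one mid-size.
    for snap in (68, 65535):
        print(truncation_report(build_sample(snap, [60, 1514, 1514, 400])))
```

A nonzero truncated count means the capture has to be repeated with a larger `-s snaplen` before payload-level analysis is meaningful.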