Hi, Since TCP works the way it does a passive observer is able to see packet loss by looking for e.g. duplicate ACKs. For some time I've had a dumpcap process picking out traffic to/from specific destinations and running it through tshark to get the wireshark "Expert Info" output. This turns out to be very interesting data.
The problem is that I'd like to do some further data mining to see if certain sources/destinations are more troubled than others. For this I'd have to isolate each flow and analyse them one by one. Even though this would be possible (and not too hard) with a few scripts, I'd like to know if there might exist some tool/appliance that does this: Looks at traffic (e.g. from a SPAN port) and collects statistics about the flows including analysis of packet loss et cetera. The important part is that it looks at the seperate flows. I've been looking at tstat (http://tstat.tlc.polito.it/index.shtml) and this looks very promising, but it doesn't seem to be able to analyze the different flows seperately. Anybody know of such tool/appliance? Preferably either appliance or something that runs on Linux, but commercial solutions as well as open source. Regards, Peter _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/