[Dshield] Traffic comparison - looking for tools

Josh Tolley josh at raintreeinc.com
Wed Jun 1 18:58:57 GMT 2005

Hi, all -

I'm trying to track down a problem with a client-server application 
where the app quits responding periodically. After some investigation, 
it appears the problem might be caused by dropped packets, though since 
the communication is TCP, and TCP is supposed to handle that kind of 
thing, I can't be too sure. I'd like to set up a sniffer at the client's 
site and one at the server, and just compare to see if what gets sent 
matches what is received.

So a couple of questions:

1) Is there a better way? If the problem is due to lost packets, and if 
the packets are being lost in some malfunctioning/congested router 
somewhere, I can't count on getting ICMP messages about them, so I can't 
look at that. I can't think of too many other options.

2) Any suggestions as to software I can use to compare these two traffic 
streams? My first thought was just load both client- and server-side 
captures in Ethereal, look for connections that were reported as having 
frozen, find the corresponding stream in the other capture, and see if 
all the packets that the client sent actually got there. This will 
definitely be time-consuming, but I don't know of other options.

I'd appreciate any suggestions that can be given. I'm getting the 
distinct impression, just because of the sheer amount of work I think 
I'm setting myself up for, that there must be an easier way I'm just 
missing. Thanks...

Josh Tolley
Raintree Systems, Inc.
Office Phone: (801) 293-3090
Corporate Office: (760) 509-9000

More information about the list mailing list