A small tool-related tangent:

> I analyze TCP by using xplot (in pkgsrc as graphics/xplot and
> graphics/xplot-devel), and have modified tcpdump2xplot to deal
> with the drift in tcpdump output over the years (since xplot
> was written in about 1989!).

When I do similar things, I use "tcptrace" (in pkgsrc net/tcptrace),
which also produces input plot files to xplot.

"tcptrace -G <pcap-file>" will leave a number of *.xpl files in your
current directory. For the most useful view, the pcap should be
captured at the sender.

Best regards,

- Håvard
