On Apr 5, 2007, at 5:44 PM, James K. Lowden wrote:
> You need averages over time.  I'm sure there are other ways, but if it
> were me, I'd use sqlite3, believe it or not.  You can import your text
> file, above, and use the database's time and avg() functions to  
> compute
> your answer.

That'd be one way.... But a .cap file is a relatively trivial file  
format.  There's a pcap_file_header and a pcap_pkthdr in front of  
each packet in the file.  Find the first pcap_pkt hdr, record the  
timestamp and len (see /usr/include/pcap.h) and you have the  
equivalent of your tcptrace output.  Pump it into gnuplot and you're  
done...

Should be <100 lines of code.

Make sure you use "tcpdump -s0" to generate the .cap.