DaemonForums  

#1
9th July 2008
brokensilence (New User)

Help with tcpdump file

Dear Friends, I need your help.

First of all, I am new to this forum. Secondly, I am in desperate need of help with tcpdump. My problem is that I got a dump file and I need to get the following parameters from it. But I don't need a command for them. The parameters are the following:

Number of IP addresses contacted
Number of packets per connection
How much data has been exchanged per connection
Number of overall connections
What are the distributions of connections?
Constant number of connections over time: does it change or remain constant?
Randomization of ports per connection
Number of connections per port
Time between first and last packet
Average packet size
Average packets/sec
Total bytes, average bytes/sec
and
Average Kbits/sec

Thanks
#2
9th July 2008
J65nko (Administrator)

This is not a trivial problem.

You will need:
  • A good study of the tcpdump man page for the display format of the tcpdump file.
  • A reasonable knowledge of regular expressions to parse the file.
  • Knowledge of a script language like awk, perl, python or ruby to produce the stats.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
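One way to do the parsing described in the answer above, as an added example that is not part of the original thread: a regular expression over tcpdump's text output, with both directions of a flow folded into one connection. It assumes the lines come from `tcpdump -nn -tt -r <file>` in current tcpdump's IPv4 TCP/UDP format; the sample lines, the `analyze` function and its `local_ip` parameter are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumed input: text printed by `tcpdump -nn -tt -r <file>` for IPv4 TCP/UDP.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): .*?\blength (?P<len>\d+)")

# Constructed sample lines, not taken from the poster's dump file.
SAMPLE = """\
1215590400.000000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [S], seq 100, win 65535, length 0
1215590400.100000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [P.], seq 101:301, ack 901, win 65535, length 200
1215590401.000000 IP 10.0.0.5.80 > 192.168.1.10.51234: Flags [P.], seq 901:1901, ack 301, win 65535, length 1000
1215590402.000000 IP 192.168.1.10.40000 > 10.0.0.53.9999: UDP, length 40
1215590404.000000 IP 10.0.0.53.9999 > 192.168.1.10.40000: UDP, length 120
1215590404.500000 ARP, Request who-has 10.0.0.1 tell 192.168.1.10, length 28
"""

def analyze(text, local_ip):
    """Per-connection and overall statistics; local_ip is the capturing host."""
    conns = defaultdict(lambda: {"packets": 0, "bytes": 0})
    times, total = [], 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6, or anything without ports and a length
        ends = [(m["src"], int(m["sport"])), (m["dst"], int(m["dport"]))]
        key = tuple(sorted(ends))  # both directions map to one connection
        conns[key]["packets"] += 1
        conns[key]["bytes"] += int(m["len"])  # payload bytes as printed
        total += int(m["len"])
        times.append(float(m["ts"]))
    remote = [e for key in conns for e in key if e[0] != local_ip]
    span = max(times) - min(times) if times else 0.0
    return {
        "connections": dict(conns),
        "ips_contacted": len({ip for ip, _ in remote}),
        "connections_per_port": Counter(port for _, port in remote),
        "span_seconds": span,
        "avg_packet_size": total / len(times) if times else 0.0,
        "packets_per_sec": len(times) / span if span else 0.0,
        "total_bytes": total,
        "bytes_per_sec": total / span if span else 0.0,
        "kbits_per_sec": total * 8 / span / 1000 if span else 0.0,
    }

if __name__ == "__main__":
    for name, value in analyze(SAMPLE, "192.168.1.10").items():
        print(name, value)
```

The `length` field tcpdump prints for TCP and UDP is the payload size, so the byte totals here exclude headers.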
#3
10th July 2008
audio (Port Guard)

I wouldn't try using tcpdump to analyze the packet capture to get the data you want. I'd try using something like argus. Perhaps there is a better tool out there though.