Network Analysis
Network analysis
tcpdump
With tcpdump we write a dump of the traffic to disk:
tcpdump -w filename.pcap
tcpdstat
This tool lets us read statistics from the pcap file:
root@testd00s:/home/eric# tcpdstat test.pcap
DumpFile: test.pcap
FileSize: 441.91MB
pcap_dispatch:truncated dump file; tried to read 142 captured bytes, only got 8
Id: 201109020808
StartTime: Fri Sep 2 08:08:01 2011
EndTime: Fri Sep 2 09:14:24 2011
TotalTime: 3983.05 seconds
TotalCapSize: 435.54MB CapLen: 49298 bytes
# of packets: 417725 (435.54MB)
AvgRate: 918.42Kbps stddev:7963.55K PeakRate: 98.10Mbps
### IP flow (unique src/dst pair) Information ###
# of flows: 282 (avg. 1481.29 pkts/flow)
Top 10 big flow size (bytes/total in %):
68.8% 22.1% 3.9% 0.7% 0.5% 0.4% 0.3% 0.3% 0.1% 0.1%
### IP address Information ###
# of IPv4 addresses: 147
Top 10 bandwidth usage (bytes/total in %):
99.9% 91.1% 4.0% 0.9% 0.5% 0.5% 0.3% 0.2% 0.1% 0.1%
### Packet Size Distribution (including MAC headers) ###
<<<<
[ 32- 63]: 3811
[ 64- 127]: 161765
[ 128- 255]: 13197
[ 256- 511]: 1445
[ 512- 1023]: 2039
[ 1024- 2047]: 227130
[ 2048- 4095]: 1818
[ 4096- 8191]: 1034
[ 8192-16383]: 3393
[16384-32767]: 2058
[32768-65535]: 35
>>>>
### Protocol Breakdown ###
<<<<
protocol packets bytes bytes/pkt
------------------------------------------------------------------------
[0] total 417725 (100.00%) 456692736 (100.00%) 1093.29
[1] ip 408445 ( 97.78%) 455856868 ( 99.82%) 1116.08
[2] tcp 390934 ( 93.59%) 451225115 ( 98.80%) 1154.22
[3] ssh 104 ( 0.02%) 193406 ( 0.04%) 1859.67
[3] http(s) 261759 ( 62.66%) 346302456 ( 75.83%) 1322.98
[3] http(c) 125881 ( 30.13%) 103320254 ( 22.62%) 820.78
[3] https 3190 ( 0.76%) 1408999 ( 0.31%) 441.69
[2] udp 17445 ( 4.18%) 4627793 ( 1.01%) 265.28
[3] dns 32 ( 0.01%) 3119 ( 0.00%) 97.47
[3] netb-ns 2815 ( 0.67%) 260114 ( 0.06%) 92.40
[3] netb-se 74 ( 0.02%) 17555 ( 0.00%) 237.23
[3] mcast 492 ( 0.12%) 61621 ( 0.01%) 125.25
[3] other 14032 ( 3.36%) 4285384 ( 0.94%) 305.40
[2] igmp 66 ( 0.02%) 3960 ( 0.00%) 60.00
>>>>
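To show what tcpdstat is computing from the capture above, here is an added example (not part of the original page and not tcpdstat's own code): a small Python parser for the classic libpcap format that walks the records, classifies Ethernet/IPv4/TCP/UDP frames, bins frame sizes into the same power-of-two buckets, counts unique src/dst flows, and stops cleanly on a truncated trailing record like the one the "pcap_dispatch: truncated dump file" warning refers to. The capture it analyses is constructed in memory with build_pcap and make_frame; the http(s)/http(c) labels follow the split in the output above, taken here to mean source port 80 versus destination port 80 (an assumption). Only linktype 1 (Ethernet) and IPv4 are handled.

```python
import struct
from collections import Counter

ETH_P_IP = 0x0800
PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps


def build_pcap(frames):
    """Constructed test data: wrap raw frames in a little-endian pcap file (linktype 1)."""
    out = [struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack('<IIII', 1314950881 + i, 0, len(f), len(f)))  # ts_sec, ts_usec, incl_len, orig_len
        out.append(f)
    return b''.join(out)


def make_frame(src_ip, dst_ip, proto, sport, dport, payload_len):
    """Constructed Ethernet + IPv4 + TCP(6)/UDP(17) frame with a zero-filled payload (no checksums)."""
    payload = b'\x00' * payload_len
    if proto == 6:
        l4 = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack('!HHHH', sport, dport, 8 + payload_len, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4) + payload_len, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split('.'))), bytes(map(int, dst_ip.split('.'))))
    return b'\x00' * 12 + struct.pack('!H', ETH_P_IP) + ip + l4 + payload


def size_bin(n):
    """tcpdstat-style bucket label, e.g. 154 -> '[128-255]'."""
    lo = 1 << max(n.bit_length() - 1, 0)
    return '[%d-%d]' % (lo, 2 * lo - 1)


def tcp_label(sport, dport):
    if 22 in (sport, dport):
        return 'ssh'
    if 443 in (sport, dport):
        return 'https'
    if sport == 80:
        return 'http(s)'   # server -> client direction
    if dport == 80:
        return 'http(c)'   # client -> server direction
    return 'tcp-other'


def classify(frame, stats):
    """Count protocol layers and the src/dst pair for one Ethernet frame."""
    if len(frame) < 34 or struct.unpack_from('!H', frame, 12)[0] != ETH_P_IP:
        stats['protocols']['non-ip'] += 1
        return
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    src = '.'.join(map(str, frame[26:30]))
    dst = '.'.join(map(str, frame[30:34]))
    stats['protocols']['ip'] += 1
    stats['flows'][(src, dst)] += 1
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from('!HH', frame, l4)
        if proto == 6:
            stats['protocols']['tcp'] += 1
            stats['protocols'][tcp_label(sport, dport)] += 1
        else:
            stats['protocols']['udp'] += 1
            stats['protocols']['dns' if 53 in (sport, dport) else 'udp-other'] += 1
    else:
        stats['protocols']['ip-other'] += 1


def analyze(data):
    """Walk a classic pcap byte string; a short final record sets stats['truncated'] instead of raising."""
    magic, = struct.unpack_from('<I', data, 0)
    endian = {PCAP_MAGIC: '<', 0xD4C3B2A1: '>'}.get(magic)
    if endian is None:
        raise ValueError('not a classic pcap file (pcapng is not handled here)')
    if struct.unpack_from(endian + 'I', data, 20)[0] != 1:
        raise ValueError('only linktype 1 (Ethernet) is handled')
    stats = {'packets': 0, 'bytes': 0, 'truncated': False,
             'size_bins': Counter(), 'protocols': Counter(), 'flows': Counter()}
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            stats['truncated'] = True   # record header cut off
            break
        _, _, incl_len, orig_len = struct.unpack_from(endian + 'IIII', data, off)
        off += 16
        if off + incl_len > len(data):
            stats['truncated'] = True   # record body cut off (tcpdump killed mid-write)
            break
        stats['packets'] += 1
        stats['bytes'] += orig_len
        stats['size_bins'][size_bin(orig_len)] += 1
        classify(data[off:off + incl_len], stats)
        off += incl_len
    return stats


# Constructed capture: HTTP request/response, a DNS query and an SSH segment.
SAMPLE_FRAMES = [
    make_frame('10.0.0.1', '10.0.0.2', 6, 40000, 80, 100),   # 154 bytes
    make_frame('10.0.0.2', '10.0.0.1', 6, 80, 40000, 1400),  # 1454 bytes
    make_frame('10.0.0.1', '10.0.0.3', 17, 5353, 53, 30),    # 72 bytes
    make_frame('10.0.0.1', '10.0.0.4', 6, 50000, 22, 0),     # 54 bytes
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == '__main__':
    s = analyze(SAMPLE_PCAP)
    print('# of packets:', s['packets'], '(%d bytes)' % s['bytes'], 'truncated:', s['truncated'])
    print('# of flows:', len(s['flows']))
    for b, n in sorted(s['size_bins'].items()):
        print('%-14s %d' % (b + ':', n))
    for p, n in s['protocols'].most_common():
        print('%-10s %d' % (p, n))
```

Running the module prints a tcpdstat-like summary; to analyse a real dump, pass the bytes of the file written by tcpdump -w to analyze() and inspect the returned counters. Note that the real tcpdstat ignores the truncated final record and reports the rest, which is why the output above still shows full statistics after the warning.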
EtherApe
This tool can graphically display where connections go and how much data they carry.