https://wiki.frotmail.nl/index.php?action=history&feed=atom&title=Network_Analysis 2026-06-15T08:00:29Z Revision history for this page on the wiki MediaWiki 1.45.3 https://wiki.frotmail.nl/index.php?title=Network_Analysis&diff=93&oldid=prev 2022-04-05T09:36:29Z

<p>Created page with &quot;=Netwerk analyse= ==tcpdump== Met TCPdump maken we een dump van het verkeer naar disk: tcpdump -w filename.pcap ==tcpdstat== <a href="/index.php?title=Http://frotmail.nl/tools/tcpdstat-uw.tar.gz_mirror&amp;action=edit&amp;redlink=1" class="new" title="Http://frotmail.nl/tools/tcpdstat-uw.tar.gz mirror (page does not exist)">http://frotmail.nl/tools/tcpdstat-uw.tar.gz mirror</a> <a href="/index.php?title=Http://staff.washington.edu/dittrich/talks/core02/tools/tools.html_Original_site&amp;action=edit&amp;redlink=1" class="new" title="Http://staff.washington.edu/dittrich/talks/core02/tools/tools.html Original site (page does not exist)">http://staff.washington.edu/dittrich/talks/core02/tools/tools.html Original site</a> Deze tool stelt ons in staat om statistieken van de pcap file uit te lezen: root@testd00s:/home/eric# tcpdstat test.pcap DumpFile: test.pcap FileSize: 441.91MB pcap_dispatch:truncated dump file; tried...&quot;</p> <p><b>New page</b></p><div>=Netwerk analyse=<br /> ==tcpdump==<br /> Met TCPdump maken we een dump van het verkeer naar disk:<br /> tcpdump -w filename.pcap<br /> <br /> ==tcpdstat==<br /> [[http://frotmail.nl/tools/tcpdstat-uw.tar.gz mirror]] [[http://staff.washington.edu/dittrich/talks/core02/tools/tools.html Original site]]<br /> Deze tool stelt ons in staat om statistieken van de pcap file uit te lezen:<br /> root@testd00s:/home/eric# tcpdstat test.pcap<br /> <br /> DumpFile: test.pcap<br /> FileSize: 441.91MB<br /> pcap_dispatch:truncated dump file; tried to read 142 captured bytes, only got 8<br /> Id: 201109020808<br /> StartTime: Fri Sep 2 08:08:01 2011<br /> EndTime: Fri Sep 2 09:14:24 2011<br /> TotalTime: 3983.05 seconds<br /> TotalCapSize: 435.54MB CapLen: 49298 bytes<br /> # of packets: 417725 (435.54MB)<br /> AvgRate: 918.42Kbps stddev:7963.55K PeakRate: 98.10Mbps <br /> <br /> ### IP flow (unique src/dst pair) Information ###<br /> # of flows: 282 (avg. 1481.29 pkts/flow)<br /> Top 10 big flow size (bytes/total in %):<br /> 68.8% 22.1% 3.9% 0.7% 0.5% 0.4% 0.3% 0.3% 0.1% 0.1% <br /> <br /> ### IP address Information ###<br /> # of IPv4 addresses: 147 <br /> Top 10 bandwidth usage (bytes/total in %):<br /> 99.9% 91.1% 4.0% 0.9% 0.5% 0.5% 0.3% 0.2% 0.1% 0.1%<br /> ### Packet Size Distribution (including MAC headers) ###<br /> &lt;&lt;&lt;&lt;<br /> [ 32- 63]: 3811<br /> [ 64- 127]: 161765<br /> [ 128- 255]: 13197<br /> [ 256- 511]: 1445<br /> [ 512- 1023]: 2039<br /> [ 1024- 2047]: 227130<br /> [ 2048- 4095]: 1818<br /> [ 4096- 8191]: 1034<br /> [ 8192-16383]: 3393<br /> [16384-32767]: 2058<br /> [32768-65535]: 35<br /> &gt;&gt;&gt;&gt;<br /> <br /> <br /> ### Protocol Breakdown ###<br /> &lt;&lt;&lt;&lt;<br /> protocol packets bytes bytes/pkt<br /> ------------------------------------------------------------------------<br /> [0] total 417725 (100.00%) 456692736 (100.00%) 1093.29<br /> [1] ip 408445 ( 97.78%) 455856868 ( 99.82%) 1116.08<br /> [2] tcp 390934 ( 93.59%) 451225115 ( 98.80%) 1154.22<br /> [3] ssh 104 ( 0.02%) 193406 ( 0.04%) 1859.67<br /> [3] http(s) 261759 ( 62.66%) 346302456 ( 75.83%) 1322.98<br /> [3] http(c) 125881 ( 30.13%) 103320254 ( 22.62%) 820.78<br /> [3] https 3190 ( 0.76%) 1408999 ( 0.31%) 441.69<br /> [2] udp 17445 ( 4.18%) 4627793 ( 1.01%) 265.28<br /> [3] dns 32 ( 0.01%) 3119 ( 0.00%) 97.47<br /> [3] netb-ns 2815 ( 0.67%) 260114 ( 0.06%) 92.40<br /> [3] netb-se 74 ( 0.02%) 17555 ( 0.00%) 237.23<br /> [3] mcast 492 ( 0.12%) 61621 ( 0.01%) 125.25<br /> [3] other 14032 ( 3.36%) 4285384 ( 0.94%) 305.40<br /> [2] igmp 66 ( 0.02%) 3960 ( 0.00%) 60.00<br /> &gt;&gt;&gt;&gt; <br /> ==EtherApe==<br /> Deze tool kan grafisch weergeven waar verbindingen naartoe lopen en hoeveel data deze verwerken.</div>

Eric