Network Analysis
tcpdump
With tcpdump we write a dump of the traffic to disk:
tcpdump -w filename.pcap
tcpdstat
This tool lets us read statistics from the pcap file:
root@testd00s:/home/eric# tcpdstat test.pcap
DumpFile: test.pcap
FileSize: 441.91MB
pcap_dispatch:truncated dump file; tried to read 142 captured bytes, only got 8
Id: 201109020808
StartTime: Fri Sep 2 08:08:01 2011
EndTime: Fri Sep 2 09:14:24 2011
TotalTime: 3983.05 seconds
TotalCapSize: 435.54MB CapLen: 49298 bytes
# of packets: 417725 (435.54MB)
AvgRate: 918.42Kbps stddev:7963.55K PeakRate: 98.10Mbps

### IP flow (unique src/dst pair) Information ###
# of flows: 282 (avg. 1481.29 pkts/flow)
Top 10 big flow size (bytes/total in %):
 68.8% 22.1% 3.9% 0.7% 0.5% 0.4% 0.3% 0.3% 0.1% 0.1%

### IP address Information ###
# of IPv4 addresses: 147
Top 10 bandwidth usage (bytes/total in %):
 99.9% 91.1% 4.0% 0.9% 0.5% 0.5% 0.3% 0.2% 0.1% 0.1%

### Packet Size Distribution (including MAC headers) ###
<<<<
 [   32-   63]:       3811
 [   64-  127]:     161765
 [  128-  255]:      13197
 [  256-  511]:       1445
 [  512- 1023]:       2039
 [ 1024- 2047]:     227130
 [ 2048- 4095]:       1818
 [ 4096- 8191]:       1034
 [ 8192-16383]:       3393
 [16384-32767]:       2058
 [32768-65535]:         35
>>>>

### Protocol Breakdown ###
<<<<
     protocol        packets            bytes            bytes/pkt
------------------------------------------------------------------------
 [0] total       417725 (100.00%)   456692736 (100.00%)   1093.29
 [1] ip          408445 ( 97.78%)   455856868 ( 99.82%)   1116.08
 [2]  tcp        390934 ( 93.59%)   451225115 ( 98.80%)   1154.22
 [3]   ssh          104 (  0.02%)      193406 (  0.04%)   1859.67
 [3]   http(s)   261759 ( 62.66%)   346302456 ( 75.83%)   1322.98
 [3]   http(c)   125881 ( 30.13%)   103320254 ( 22.62%)    820.78
 [3]   https       3190 (  0.76%)     1408999 (  0.31%)    441.69
 [2]  udp         17445 (  4.18%)     4627793 (  1.01%)    265.28
 [3]   dns           32 (  0.01%)        3119 (  0.00%)     97.47
 [3]   netb-ns     2815 (  0.67%)      260114 (  0.06%)     92.40
 [3]   netb-se       74 (  0.02%)       17555 (  0.00%)    237.23
 [3]   mcast        492 (  0.12%)       61621 (  0.01%)    125.25
 [3]   other      14032 (  3.36%)     4285384 (  0.94%)    305.40
 [2]  igmp           66 (  0.02%)        3960 (  0.00%)     60.00
>>>>
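The figures tcpdstat prints (packet count, capture duration, power-of-two packet size distribution, per-protocol breakdown) can all be derived from the raw pcap format. The Python script below is an added example, not code from the original page or from the tcpdstat project: it parses the classic libpcap file format itself, buckets packet sizes the way the output above does, and labels packets with port-based heuristics modelled on the labels in that output (ssh, http(s)/http(c), https, dns, netb-ns, netb-se, igmp). It also handles the truncated-file condition the output reports ("tried to read 142 captured bytes, only got 8") by stopping cleanly and flagging it. The packet builders, the sample capture, the 10.0.0.x addresses and the port-to-label mapping are assumptions made for illustration.

```python
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic of a little-endian pcap file, read as little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # magic of a big-endian pcap file, read as little-endian
LINKTYPE_ETHERNET = 1
HDR_FMT, REC_FMT = "IHHiIII", "IIII"   # global header (24 bytes) / per-packet record header (16 bytes)


def build_pcap(packets, snaplen=65535):
    """Serialise (timestamp, frame) pairs into a little-endian pcap file (constructed test data)."""
    out = struct.pack("<" + HDR_FMT, PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        out += struct.pack("<" + REC_FMT, ts, 0, len(frame), len(frame)) + frame
    return out


def ipv4_frame(proto, sport, dport, payload_len):
    """Ethernet + IPv4 + TCP(6)/UDP(17) frame with a dummy payload (constructed; checksums left at 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"                          # dst MAC, src MAC, EtherType IPv4
    if proto == 6:                                             # TCP: 20-byte header, data offset 5, PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:                                                      # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + payload_len, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # assumed sample addresses
    return eth + ip + l4 + b"A" * payload_len


def classify(frame):
    """Return tcpdstat-style protocol layers for one Ethernet frame (port-based heuristics, assumed)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return ["non-ip"]
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[14 + 9]
    l4 = frame[14 + ihl:]
    layers = ["ip"]
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6:
            layers.append("tcp")
            if sport == 80:             layers.append("http(s)")   # server side of an HTTP flow
            elif dport == 80:           layers.append("http(c)")   # client side of an HTTP flow
            elif 22 in (sport, dport):  layers.append("ssh")
            elif 443 in (sport, dport): layers.append("https")
            else:                       layers.append("tcp-other")
        else:
            layers.append("udp")
            if 53 in (sport, dport):    layers.append("dns")
            elif 137 in (sport, dport): layers.append("netb-ns")
            elif 138 in (sport, dport): layers.append("netb-se")
            else:                       layers.append("udp-other")
    elif proto == 2:
        layers.append("igmp")
    else:
        layers.append("ip-other")
    return layers


def size_bucket(n):
    """Power-of-two bucket label like tcpdstat's '[64-127]'."""
    if n < 1:
        return "[0-0]"
    lo = 1 << (n.bit_length() - 1)
    return f"[{lo}-{2 * lo - 1}]"


def analyze_pcap(data):
    """Walk the pcap records and gather tcpdstat-like statistics; a short record ends the walk."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("unknown pcap magic %#x" % magic)
    stats = {"packets": 0, "bytes": 0, "sizes": Counter(), "protocols": Counter(),
             "first_ts": None, "last_ts": None, "truncated": False}
    off = 24
    while off < len(data):
        if off + 16 > len(data):                   # partial record header at end of file
            stats["truncated"] = True
            break
        ts, _, incl_len, orig_len = struct.unpack(endian + REC_FMT, data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:                  # header promises more bytes than remain
            stats["truncated"] = True
            break
        off += 16 + incl_len
        stats["packets"] += 1
        stats["bytes"] += orig_len                 # length on the wire, MAC header included
        stats["sizes"][size_bucket(orig_len)] += 1
        for layer in classify(frame):
            stats["protocols"][layer] += 1
        stats["first_ts"] = ts if stats["first_ts"] is None else stats["first_ts"]
        stats["last_ts"] = ts
    stats["duration"] = (stats["last_ts"] - stats["first_ts"]) if stats["packets"] else 0
    return stats


# Constructed sample capture: both sides of an HTTP flow, a DNS query, an SSH segment, a NetBIOS name query.
SAMPLE_PACKETS = [
    (1000, ipv4_frame(6, 40000, 80, 100)),
    (1001, ipv4_frame(6, 80, 40000, 1400)),
    (1002, ipv4_frame(17, 51000, 53, 30)),
    (1003, ipv4_frame(6, 22, 50000, 0)),
    (1005, ipv4_frame(17, 137, 137, 50)),
]

if __name__ == "__main__":
    s = analyze_pcap(build_pcap(SAMPLE_PACKETS))
    print(f"# of packets: {s['packets']} ({s['bytes']} bytes)  TotalTime: {s['duration']} seconds")
    for label, n in sorted(s["sizes"].items(), key=lambda kv: int(kv[0][1:].split("-")[0])):
        print(f" {label:>14}: {n}")
    for proto, n in s["protocols"].most_common():
        print(f" {proto:<10} {n:>6} ({100 * n / s['packets']:6.2f}%)")
```

To run it on a real file, replace `build_pcap(SAMPLE_PACKETS)` with the bytes of a capture written by `tcpdump -w`; the parser reads only the classic pcap format, not pcapng, so a pcapng file is rejected by the magic check rather than misparsed.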
EtherApe
This tool shows graphically where connections go and how much data they carry.