[c-nsp] packet monitoring?

christian.macnevin at uk.bnpparibas.com christian.macnevin at uk.bnpparibas.com
Mon Mar 6 06:05:30 EST 2006 

NetScout's flow recorder does exactly this if you're after a hardware 
based solution. It records
every packet with millisecond time stamping and will graph on same.





Internet
will at harg.net

Sent by: cisco-nsp-bounces at puck.nether.net
06/03/2006 10:49

To
barney.gumbo
cc
cisco-nsp
Subject
Re: [c-nsp] packet monitoring?






barney gumbo wrote:
> To the best of my knowledge,
> ethereal and sniffer can do this to a certain extent however I'm not
> interested in using system resources to capture the whole packet 
payload, I
> just want to be able to sumarize layers 3 through 4 and if the app can 
break
> this down into complete sockets or estimate the UDP flows that would be
> great too.

You can use tethereal's data processing to summarise the data. -z is the 
statistics option. -z io,phs  -z conv,ip  -z conv,tcp are my favourites. 
There 
are wealth of useful options in there.

e.g.

[root at foo ~]# tethereal -i eth2 -z conv,tcp -q -a duration:1
Capturing on eth2
4147 packets captured
================================================================================
TCP Conversations
Filter:<No Filter>
                                                |       <-      | | -> 
    | |     Total     |
                                                | Frames  Bytes | | Frames 

Bytes | | Frames  Bytes |
70.26.94.79:6348     <-> 192.0.1.27:4520       67     71202      31 2305 
     98     73507
140.116.74.26:7043   <-> 192.0.1.185:3615      48      3600      49 51804 
     97     55404
84.133.27.83:50000   <-> 192.0.1.40:1850       57     39980      34 8323 
     91     48303
24.184.200.171:31719 <-> 192.0.1.5:2484        61     86674      29 1740 
     90     88414

[snip]

Will

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



This message and any attachments (the "message") is 
intended solely for the addressees and is confidential. 
If you receive this message in error, please delete it and
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole
or partial, is prohibited except formal approval. The internet
can not guarantee the integrity of this message.
BNP PARIBAS (and its subsidiaries) shall (will) not
therefore be liable for the message if modified. 

**********************************************************************************************

BNP Paribas Private Bank London Branch is authorised
by CECEI & AMF and is regulated by the Financial Services
Authority for the conduct of its investment business in
the United Kingdom.

BNP Paribas Securities Services London Branch is authorised 
by CECEI & AMF and is regulated by the Financial Services 
Authority for the conduct of its investment business in 
the United Kingdom.
  
BNP Paribas Fund Services UK Limited is authorised and 
regulated by the Financial Services Authority

More information about the cisco-nsp mailing list