Dorcas Batwala wrote:
Dear users,
I am doing some research for a Masters thesis. The research is centred
round Defense against denial of service attacks. I have read about this
software and want to know if I can use it for the work I need to do.
I have to do some packet sniffing on a network and compile statistics
and get a general distribution for packets under normal conditions and
then packets under DDoS attack. So I need a tool that can generate
statistics for me by sniffing packets and showing how many are SYN,
SYN-ACK, etc. in a given window of time.
Can Ethereal do this? If so, how must I set it up to get this info?
Thanks.
Dorcas

Depending on the OS you're using, you may not need Ethereal for this.
For example, I am currently running a transparent firewall using OpenBSD
3.3-STABLE, and one of the things you can do with the pfctl tool (the
command interpreter for pf) is show statistics on how many packets were
passed/dropped, and with a Perl/shell script, can parse out the logs to
show you which rule "won" with respect to particular packets.
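
An added example, not part of either message above: one way to get the per-window SYN / SYN-ACK / ACK counts the question asks for from a saved capture file, in Python. It assumes a classic libpcap file of untagged Ethernet/IPv4 traffic; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

def classify(flags):
    """Name a TCP segment from the flags byte (FIN=0x01 SYN=0x02 RST=0x04 ACK=0x10)."""
    if flags & 0x04: return "RST"
    if flags & 0x02: return "SYN-ACK" if flags & 0x10 else "SYN"
    if flags & 0x01: return "FIN"
    return "ACK" if flags & 0x10 else "OTHER"

def flag_counts(pcap, window=1):
    """Return {window_start_second: Counter} for a classic Ethernet pcap byte string."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    stats, off = defaultdict(Counter), 24
    while off + 16 <= len(pcap):
        ts_sec, _, caplen, _ = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Keep only untagged IPv4 frames long enough to hold an IP header.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        later_fragment = struct.unpack(">H", frame[20:22])[0] & 0x1FFF
        if ihl < 20 or frame[23] != 6 or later_fragment:  # not TCP, or no TCP header
            continue
        if len(frame) < 14 + ihl + 14:  # truncated before the TCP flags byte
            continue
        stats[ts_sec - ts_sec % window][classify(frame[14 + ihl + 13])] += 1
    return dict(stats)

def build_sample():
    """Constructed capture: 3 SYN + 1 SYN-ACK at t=100, then 1 ACK + 1 RST at t=101."""
    def pkt(ts, flags):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    events = [(100, 0x02)] * 3 + [(100, 0x12), (101, 0x10), (101, 0x04)]
    return header + b"".join(pkt(t, f) for t, f in events)

if __name__ == "__main__":
    for start, counts in sorted(flag_counts(build_sample()).items()):
        print(start, dict(counts))
```

Comparing the SYN to SYN-ACK and ACK ratio per window between a normal baseline capture and a capture taken under load gives the distribution the question describes.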