Ethereal-users: Re: [Ethereal-users] Advise

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chris Zakelj <cazakelj@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 11 Jun 2003 08:59:58 -0400
Dorcas Batwala wrote:
> Dear users,
>
> I am doing some research for a Masters thesis. The research is centred round Defense against denial of service attacks. I have read about this software and want to know if I can use it for the work I need to do.
> I have to do some packet sniffing on a network and compile statistics
> and get a general distribution for packets under normal conditions and
> then packets under DDOS attack. So I need a tool that can generate
> statistics for me by sniffing packets and showing how many are SYN,
> SYN-ACK, etc. in a given window of time.
> Can Ethereal do this? If so, how must I set it up to get this info?
>
> Thanks.
>
> Dorcas

Depending on the OS you're using, you may not need Ethereal for this.
For example, I am currently running a transparent firewall using OpenBSD
3.3-STABLE, and one of the things you can do with the pfctl tool (the
command interpreter for pf) is show statistics on how many packets were
passed/dropped, and, with a Perl/shell script, you can parse out the logs to
show you which rule "won" with respect to particular packets.
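
Added example, not part of the original thread and not Ethereal or pf code: one way to get the per-window SYN / SYN-ACK counts asked about above from a saved capture, so a normal-traffic baseline can be compared with traffic under attack. It assumes a classic libpcap file with Ethernet framing and IPv4; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict

FLAG_NAMES = {0x02: "SYN", 0x12: "SYN-ACK", 0x10: "ACK", 0x11: "FIN-ACK",
              0x04: "RST", 0x14: "RST-ACK", 0x18: "PSH-ACK"}

def tcp_flag_windows(pcap, window=10):
    """Return {window_start: Counter(flag_name -> packets)} for a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    stats, off = defaultdict(Counter), 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _wire = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Untagged Ethernet II carrying IPv4 only; anything else is skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        # Need protocol 6 (TCP), the first fragment, and the flags byte captured.
        if frame[23] != 6 or frag_offset or len(frame) < 14 + ihl + 14:
            continue
        flags = frame[14 + ihl + 13] & 0x3F  # FIN SYN RST PSH ACK URG
        stats[ts - ts % window][FLAG_NAMES.get(flags, "0x%02x" % flags)] += 1
    return dict(stats)

def sample_pcap():
    """Constructed capture: three SYN, one SYN-ACK, one ACK and one UDP packet."""
    def record(ts, proto, flags):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(1000, 6, 0x02), (1003, 6, 0x02), (1005, 6, 0x12),
               (1009, 6, 0x02), (1012, 6, 0x10), (1013, 17, 0x02)]
    return header + b"".join(record(*p) for p in packets)

if __name__ == "__main__":
    for start, counts in sorted(tcp_flag_windows(sample_pcap()).items()):
        print(start, dict(counts))
```

A SYN count that climbs from one window to the next while the SYN-ACK and ACK counts stay flat is the distribution shift a SYN flood produces, which is the comparison the thesis question describes.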