Ethereal-users: RE: [Ethereal-users] Advise
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Visser, Martin (Sydney)" <martin.visser@xxxxxx>
Date: Thu, 12 Jun 2003 15:04:22 +1000
You probably need something like this:

    tethereal -r <<capture-file>> -R "null" -z "io,stat,1,tcp.flags.syn==1&&tcp.flags.ack==0,tcp.flags.syn==1&&tcp.flags.ack==1,tcp.flags.reset==1,tcp.flags.fin==1"

This will give output like this:

    ===================================================================
    IO Statistics
    Interval: 1.000 secs
    Column #0: tcp.flags.syn==1&&tcp.flags.ack==0
    Column #1: tcp.flags.syn==1&&tcp.flags.ack==1
    Column #2: tcp.flags.reset==1
    Column #3: tcp.flags.fin==1
                    |   Column #0   |   Column #1   |   Column #2   |   Column #3
    Time            |frames|  bytes |frames|  bytes |frames|  bytes |frames|  bytes
    000.000-001.000       6     360       5     300       0       0      10     600
    001.000-002.000       3     180       3     180       0       0       6     360
    002.000-003.000       1      60       2     120       0       0       2     120
    003.000-004.000       1      60       0       0       0       0       0       0
    004.000-005.000       1      60       2     120       0       0       4    1255
    005.000-006.000       3     180       0       0       0       0       0       0
    006.000-007.000       0       0       3     180       0       0       0       0
    007.000-008.000       3     180       0       0       0       0       6     360
    008.000-009.000       0       0       3     180       0       0       0       0
    009.000-010.000       0       0       0       0       0       0       0       0
    010.000-011.000       0       0       0       0       0       0       0       0

Martin Visser, CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670
Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

-----Original Message-----
From: Dorcas Batwala [mailto:d_batwala@xxxxxxxxxxx]
Sent: Wednesday, 11 June 2003 7:46 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Advise

Dear users,

I am doing some research for a Masters thesis. The research is centred round Defense against denial of service attacks. I have read about this software and want to know if I can use it for the work I need to do. I have to do some packet sniffing on a network and compile statistics and get a general distribution for packets under normal conditions and then packets under DDOS attack. So I need a tool that can generate statistics for me by sniffing packets and showing how many are SYN, SYN-ACK, etc. in a given window of time.

Can Ethereal do this? If so, how must I set it up to get this info?

Thanks.
Dorcas
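The following is an added example, not part of the original message or of Ethereal itself: a Python sketch that turns an io,stat table like the one quoted above into the per-window SYN versus SYN-ACK comparison the question asks about. It assumes the table layout and column order shown in the message; the function names, sample rows and thresholds are assumptions chosen for illustration.

```python
import re

# Constructed sample, laid out like the io,stat table in the message above.
# Columns follow the message's filter order: SYN, SYN-ACK, RST, FIN.
SAMPLE = """\
IO Statistics
Interval: 1.000 secs
Column #0: tcp.flags.syn==1&&tcp.flags.ack==0
Column #1: tcp.flags.syn==1&&tcp.flags.ack==1
Column #2: tcp.flags.reset==1
Column #3: tcp.flags.fin==1
                |   Column #0   |   Column #1   |   Column #2   |   Column #3
Time            |frames|  bytes |frames|  bytes |frames|  bytes |frames|  bytes
000.000-001.000       3     180       0       0       0       0       0       0
001.000-002.000       0       0       3     180       0       0       6     360
002.000-003.000       4     240       4     240       0       0       2     120
003.000-004.000      90    5400       5     300       1      60       0       0
004.000-005.000     120    7200       6     360       2     120       0       0
005.000-006.000     110    6600       4     240       0       0       1      60
"""

ROW = re.compile(r"^(\d+\.\d+)-(\d+\.\d+)((?:\s+\d+)+)$")

def parse_io_stat(text):
    """Return [(start, end, [frames per column])] from io,stat text output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column legend or header line
        nums = [int(n) for n in m.group(3).split()]
        rows.append((float(m.group(1)), float(m.group(2)), nums[0::2]))
    return rows

def unanswered_syn_windows(rows, window=3, min_syn=50, ratio=3.0):
    """Flag sliding windows where SYNs far outnumber SYN-ACKs.

    window, min_syn and ratio are illustrative assumptions, not tuned values.
    Summing over several intervals keeps a SYN whose SYN-ACK lands in the
    next interval (rows 0 and 1 of the sample) from being flagged.
    """
    hits = []
    for i in range(len(rows) - window + 1):
        chunk = rows[i:i + window]
        syn = sum(r[2][0] for r in chunk)
        synack = sum(r[2][1] for r in chunk)
        if syn >= min_syn and syn > ratio * synack:
            hits.append((chunk[0][0], chunk[-1][1], syn, synack))
    return hits
```

Running the same functions over a capture taken under normal load gives the baseline to calibrate min_syn and ratio against before comparing with attack traffic.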