대용량 패킷 분석 #1 - tcpdstat

대용량 패킷 분석이라고는 했지만 분석할 대용량 패킷이 없어서 패킷 덤프한 파일 시이즈 900MB 정도로 분석할 예정이다.

 

tcpdstat

 

tcpdstat는 프로토콜 통계를 알려주는 유틸이다.

 

$ sudo tcpdstat test.pcap

DumpFile:  test.pcap
FileSize: 845.52MB
Id: 201303041256
StartTime: Mon Mar  4 12:56:19 2013
EndTime:   Mon Mar  4 14:29:15 2013
TotalTime: 5575.40 seconds
TotalCapSize: 832.83MB  CapLen: 1514 bytes

# of packets: 831697 (832.83MB)
AvgRate: 12.83Mbps  stddev:7.07M   PeakRate: 89.73Mbps

 

### IP flow (unique src/dst pair) Information ###
# of flows: 303  (avg. 2744.87 pkts/flow)
Top 10 big flow size (bytes/total in %):
 20.3% 20.3% 15.5% 11.8%  6.7%  3.4%  2.3%  1.5%  1.0%  1.0%

 

### IP address Information ###
# of IPv4 addresses: 112
Top 10 bandwidth usage (bytes/total in %):
 46.3% 32.1% 21.6% 20.7% 20.7% 15.8% 12.1%  7.4%  3.4%  2.3%

### Packet Size Distribution (including MAC headers) ###
<<<<
 [   32-   63]:     250058
 [   64-  127]:       7088
 [  128-  255]:       4419
 [  256-  511]:       1797
 [  512- 1023]:       2095
 [ 1024- 2047]:     566240
>>>>

### Protocol Breakdown ###
<<<<
     protocol           packets                 bytes           bytes/pkt
------------------------------------------------------------------------
[0] total           831697 (100.00%)        873284461 (100.00%)   1050.00
[1] ip              831697 (100.00%)        873284461 (100.00%)   1050.00
[2]  tcp            831625 ( 99.99%)        873275440 (100.00%)   1050.08
[3]   http(s)       571877 ( 68.76%)        858058429 ( 98.26%)   1500.42
[3]   http(c)       259727 ( 31.23%)         15215144 (  1.74%)     58.58
[3]   socks             21 (  0.00%)             1867 (  0.00%)     88.90
[2]  udp                72 (  0.01%)             9021 (  0.00%)    125.29
[3]   dns               72 (  0.01%)             9021 (  0.00%)    125.29
>>>>