Ethereal-users: RE: [Ethereal-users] Advise
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Visser, Martin (Sydney)" <martin.visser@xxxxxx>
Date: Thu, 12 Jun 2003 15:04:22 +1000
You probably need something like this
tethereal -r <capture-file> -R "null" -z "io,stat,1,tcp.flags.syn==1&&tcp.flags.ack==0,tcp.flags.syn==1&&tcp.flags.ack==1,tcp.flags.reset==1,tcp.flags.fin==1"
This will give output like this :-
===================================================================
IO Statistics
Interval: 1.000 secs
Column #0: tcp.flags.syn==1&&tcp.flags.ack==0
Column #1: tcp.flags.syn==1&&tcp.flags.ack==1
Column #2: tcp.flags.reset==1
Column #3: tcp.flags.fin==1
                |   Column #0    |   Column #1    |   Column #2    |   Column #3
Time            |frames|  bytes  |frames|  bytes  |frames|  bytes  |frames|  bytes
000.000-001.000       6       360      5       300      0         0     10       600
001.000-002.000       3       180      3       180      0         0      6       360
002.000-003.000       1        60      2       120      0         0      2       120
003.000-004.000       1        60      0         0      0         0      0         0
004.000-005.000       1        60      2       120      0         0      4      1255
005.000-006.000       3       180      0         0      0         0      0         0
006.000-007.000       0         0      3       180      0         0      0         0
007.000-008.000       3       180      0         0      0         0      6       360
008.000-009.000       0         0      3       180      0         0      0         0
009.000-010.000       0         0      0         0      0         0      0         0
010.000-011.000       0         0      0         0      0         0      0         0
Martin Visser ,CISSP
Network and Security Consultant
Technology & Infrastructure - Consulting & Integration
HP Services
3 Richardson Place
North Ryde, Sydney NSW 2113, Australia
Phone: +61-2-9022-1670 Mobile: +61-411-254-513
Fax: +61-2-9022-1800 E-mail: martin.visserAThp.com
-----Original Message-----
From: Dorcas Batwala [mailto:d_batwala@xxxxxxxxxxx]
Sent: Wednesday, 11 June 2003 7:46 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Advise
Dear users,
I am doing some research for a Masters thesis. The research is centred round Defense against denial of service attacks. I have read about this software and want to know if I can use it for the work I need to do.
I have to do some packet sniffing on a network and compile statistics and get a general distribution for packets under normal conditions and then packets under DDOS attack. So I need a tool that can generate statistics for me by sniffing packets and showing how many are SYN, SYN-ACK, etc in a given window of time.
Can Ethereal do this? If so, how must I set it up to get this info?
Thanks.
Dorcas
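Added example (not part of the original mail or of the Ethereal project): one way to turn the io,stat table from the reply into per-interval numbers for comparing a normal capture with one taken under attack. The function names are hypothetical, and the defaults syn=0 and synack=1 assume the filter order used in the command above.

```python
import re
# Sample input: the io,stat output quoted in the reply above (header rows omitted).
SAMPLE = """\
Column #0: tcp.flags.syn==1&&tcp.flags.ack==0
Column #1: tcp.flags.syn==1&&tcp.flags.ack==1
Column #2: tcp.flags.reset==1
Column #3: tcp.flags.fin==1
000.000-001.000 6 360 5 300 0 0 10 600
001.000-002.000 3 180 3 180 0 0 6 360
002.000-003.000 1 60 2 120 0 0 2 120
003.000-004.000 1 60 0 0 0 0 0 0
004.000-005.000 1 60 2 120 0 0 4 1255
005.000-006.000 3 180 0 0 0 0 0 0
006.000-007.000 0 0 3 180 0 0 0 0
007.000-008.000 3 180 0 0 0 0 6 360
008.000-009.000 0 0 3 180 0 0 0 0
009.000-010.000 0 0 0 0 0 0 0 0
010.000-011.000 0 0 0 0 0 0 0 0
"""

COL = re.compile(r"^Column #(\d+): (.+)$")
ROW = re.compile(r"^(\d+\.\d+)-\d+\.\d+\s+(.+)$")

def parse_io_stat(text):
    """Return (filters, rows); each row is (start_sec, [(frames, bytes), ...])."""
    filters, rows = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := COL.match(line):
            filters[int(m[1])] = m[2]
        elif m := ROW.match(line):
            nums = [int(n) for n in m[2].split()]
            if len(nums) != 2 * len(filters):
                raise ValueError(f"unexpected column count: {line!r}")
            rows.append((float(m[1]), list(zip(nums[0::2], nums[1::2]))))
    return filters, rows

def syn_backlog(rows, syn=0, synack=1):
    """Running total of SYN minus SYN-ACK frames. A SYN-ACK can land one interval
    after its SYN, so track the total; steady growth means unanswered SYNs."""
    backlog, out = 0, []
    for start, cols in rows:
        backlog += cols[syn][0] - cols[synack][0]
        out.append((start, backlog))
    return out

def frames_summary(rows, col):
    """(mean, peak) frames per interval for one column, for baseline comparison."""
    frames = [cols[col][0] for _, cols in rows]
    return sum(frames) / len(frames), max(frames)
```

On the sample above the running SYN backlog returns to zero by the end of the capture, which is what balanced handshakes look like.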