script for analysis of tcpdump log file

Asked Nov 19 '15 at 20:28

Active Nov 19 '15 at 20:28

Viewed 419 times

I'm trying to get the following metrics from my tcpdump log file:

(1) one-way delay, (2) request/response delay, (3) packet loss, (4) overall transaction duration and (5) delay variation (jitter).

For clarification: transaction duration refers to the time it takes to complete one action: fetching a web page, sending an email or downloading a file through ftp. (however in the case of FTP it refers to the downloading of one single file, not the entire session)

While 1,2,3 and 5 are relatively seem relatively easy to script I'm a bit stuck on getting 4 in a somewhat automated way.

The protocols involved: TCP, UDP, DNS, ICMP, FTP, Mail(smtp) I'm trying to make a ddos impact analysis as described in this paper

Question is two-fold:

1) Are there existing scripts/ tools that already exist that do the above?(time saver)

2) What would be a good approach for 4?

asked Nov 19 '15 at 20:28

MSB

wireshark has analysis tools for this type of thing. – schroeder Nov 19 '15 at 22:46
Could you elaborate? I am aware of Wireshark's basic functionalities, I haven't really had to use it's more "complex" features before. – MSB Nov 20 '15 at 10:04
Check out the "Analyze" and "Statistics" menus – schroeder Nov 20 '15 at 15:51

script for analysis of tcpdump log file

0 Answers0