tcpdump - how to check rate of packets?
Solution 1:
capinfos is what you are looking for:
$ capinfos ddos.cap
File name: ddos.cap
File type: Wireshark/tcpdump/... - libpcap
File encapsulation: Ethernet
Packet size limit: file hdr: 65535 bytes
Number of packets: 1000000
File size: 189073212 bytes
Data size: 173073188 bytes
Capture duration: 2 seconds
Start time: Fri Jul 5 16:35:04 2013
End time: Fri Jul 5 16:35:07 2013
Data byte rate: 69839025.27 bytes/sec
Data bit rate: 558712202.18 bits/sec
Average packet size: 173.07 bytes
Average packet rate: 403523.08 packets/sec
SHA1: 34d758e6445061855ca4397729098f469f411fe3
RIPEMD160: 14f430231fc2962cd86ddb8edb8daf75a5d07af8
MD5: 5893809fb02d1a20997629a9a501842b
Strict time order: False
Pay attention to the Data bit rate.
What might help here is if someone could edit the original script above instead of capturing 2000 packets and dropping the rest, to capture all packets for a duration of let's say 5 seconds when the threshold hits.
How about this:
tcpdump -n -s0 -w $dumpdir/dump.`date +"%Y%m%d-%H%M%S"`.cap &
sleep 5 && pkill -HUP -f /usr/sbin/tcpdump
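To see where the capinfos figures come from, and to apply the "threshold" idea from the follow-up to a saved capture rather than a live one, here is an added Python example (not code from this thread or from the tcpdump/Wireshark projects). It parses the classic libpcap file format by hand, so it needs neither capinfos nor scapy, and computes the same numbers capinfos prints: duration is last timestamp minus first, data size is the sum of captured bytes, and the packet and bit rates are those divided by the duration. It then buckets packets per second and lists the seconds at or above a packets-per-second threshold. The sample capture in build_sample_pcap() is constructed for the example, and all function names are my own.

```python
"""Compute the rates capinfos reports (packets/sec, bits/sec, average size)
from a libpcap file, plus a per-second breakdown to spot bursts above a
threshold. Added example for this thread; parses the classic pcap format
by hand so it needs neither capinfos nor scapy. Does not read pcapng."""
import struct
from collections import Counter

GLOBAL_HEADER_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len

# Magic number as read little-endian -> (struct byte order, ticks per second)
_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}


def parse_pcap(data):
    """Return a list of (timestamp_seconds, captured_len, original_len)
    for every record in a classic pcap byte string. Raises ValueError on
    a bad magic or a truncated record rather than silently undercounting."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than the pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in _MAGICS:
        raise ValueError("not a classic pcap file (magic 0x%08x)" % magic)
    order, ticks_per_sec = _MAGICS[magic]
    records = []
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            order + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        if offset + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % offset)
        offset += incl_len  # payload bytes are not needed for rate figures
        records.append((ts_sec + ts_frac / ticks_per_sec, incl_len, orig_len))
    return records


def capture_stats(records):
    """Same figures as capinfos: duration is last minus first timestamp,
    data size is the sum of captured bytes. With fewer than two distinct
    timestamps the duration is zero and the rates are reported as None."""
    if not records:
        raise ValueError("no packets in capture")
    first, last = records[0][0], records[-1][0]
    duration = last - first
    data_bytes = sum(incl for _, incl, _ in records)
    stats = {
        "packets": len(records),
        "data_bytes": data_bytes,
        "duration_sec": duration,
        "avg_packet_size": data_bytes / len(records),
        "packet_rate": None,
        "bit_rate": None,
    }
    if duration > 0:
        stats["packet_rate"] = len(records) / duration
        stats["bit_rate"] = data_bytes * 8 / duration
    return stats


def seconds_over_threshold(records, pps_threshold):
    """Per-second packet counts, returning (second, count) for every second
    at or above the threshold, sorted by time. This is the 'threshold hits'
    idea from the thread applied after the fact to a saved capture."""
    per_second = Counter(int(ts) for ts, _, _ in records)
    return sorted((sec, n) for sec, n in per_second.items() if n >= pps_threshold)


def build_sample_pcap():
    """Constructed little-endian microsecond pcap (not a real capture):
    eight 60-byte packets within second 1000, two within second 1001."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    stamps = [(1000, i * 100_000) for i in range(8)] + [(1001, 0), (1001, 500_000)]
    body = b"".join(
        struct.pack("<IIII", sec, usec, 60, 60) + b"\x00" * 60
        for sec, usec in stamps)
    return header + body


if __name__ == "__main__":
    recs = parse_pcap(build_sample_pcap())
    for key, val in capture_stats(recs).items():
        print("%-16s %s" % (key, val))
    print("seconds at or above 5 pps:", seconds_over_threshold(recs, 5))
```

To use it on a real file, replace build_sample_pcap() with open(path, "rb").read(). Two caveats match what capinfos does: the rates are undefined for a capture with a single timestamp, so they are returned as None rather than dividing by zero, and the parser stops with an error on a truncated last record (a capture killed mid-write) instead of quietly reporting a lower count. It only understands the classic pcap format that tcpdump -w writes; for a pcapng file saved by Wireshark, use capinfos directly or convert it with editcap first.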