Sunday, November 18, 2007

Packets -> Flows -> CSV -> Graph

Comma-Separated Values (CSV) is a widely used file format that can be easily parsed by a lot of graphing tools. Here's a simple trick to generate CSV data from a packet dump (pcap) with the help of the upcoming argus 3 and a pipe.

Say I downloaded the slammer.pcap that is available from the Wireshark sample captures wiki:

http://wiki.wireshark.org/SampleCaptures

shell> argus -w - -r slammer.pcap | \
ra -nnr - -c ',' -s saddr daddr dport - ip

213.76.212.22,65.165.167.86,1434

There's only one flow, but you get the idea of how to generate CSV output from a packet dump (pcap). The next step is to generate the graph; I won't show it here, but you are free to use any application such as the OpenOffice spreadsheet, afterglow, etc. for that purpose.
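As an added example (not from the original post), here is a Python script that takes the CSV that ra emits for the command above (saddr,daddr,dport per line, no header), counts flows per edge, and renders them as Graphviz DOT for graphing; it goes a step beyond the post's single-flow output by aggregating many records and reporting per-port fan-out. The sample records are constructed, not real capture data.

```python
# Added example: parse ra's "saddr,daddr,dport" CSV (no header) into graph data.
import csv
from collections import Counter
from io import StringIO

# Constructed sample records (not real capture data): line 1 mirrors the
# post's output, the rest are made-up flows to show aggregation.
SAMPLE_CSV = """213.76.212.22,65.165.167.86,1434
213.76.212.22,65.165.167.87,1434
213.76.212.22,65.165.167.88,1434
10.0.0.5,10.0.0.9,80
10.0.0.5,10.0.0.9,80
"""

def parse_flows(text):
    """Yield (saddr, daddr, dport) tuples, skipping blank or malformed lines."""
    for row in csv.reader(StringIO(text)):
        if len(row) != 3:
            continue
        saddr, daddr, dport = (f.strip() for f in row)
        if not dport.isdigit():
            continue
        yield saddr, daddr, int(dport)

def edge_counts(text):
    """Flows per (saddr, daddr, dport): the edge weight for a graph."""
    return Counter(parse_flows(text))

def fanout_by_port(text):
    """Distinct destination hosts each source hit per port; many hosts on
    one port (1434 here) is the fan-out a scanning worm leaves in flow data."""
    seen = {}
    for saddr, daddr, dport in parse_flows(text):
        seen.setdefault((saddr, dport), set()).add(daddr)
    return {k: len(v) for k, v in seen.items()}

def to_dot(text):
    """Render the weighted edges as Graphviz DOT text."""
    lines = ["digraph flows {"]
    for (saddr, daddr, dport), n in sorted(edge_counts(text).items()):
        lines.append(f'  "{saddr}" -> "{daddr}" [label="{dport} x{n}"];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(SAMPLE_CSV))
    print(fanout_by_port(SAMPLE_CSV))
```

Pipe the ra output into the script (or replace SAMPLE_CSV with a file read) and feed the DOT text to dot, or the edge counts to afterglow.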

The good thing about argus is that it provides a wide range of useful flow metrics, so you can actually generate a rich set of data for graphing purposes.

Enjoy (;])
