]> git.somenet.org - pub/jan/netsec2.git/blob - exercise2.tex
SomeNet / public repos / pub / jan / netsec2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
initialize exercise2
[pub/jan/netsec2.git] / exercise2.tex
1 \section{Rep:2.a}
2
3 editcap -F libpcap team15_ex21.pcap ex21.pcap
4
5 filter out large flows (>=400 packets)
6
7 ./readflows.py
8 % (src, dst) : (srctodst, dsttosrc)
9 %{('113.15.85.25', '179.160.238.111'): (463, 0),
10 % ('114.176.157.191', '221.72.61.209'): (541, 0),
11 % ('134.134.122.170', '179.187.246.122'): (419, 0),
12 % ('179.187.53.117', '129.49.173.82'): (472, 0),
13 % ('211.2.138.61', '144.66.241.253'): (462, 151),
14 % ('221.100.234.92', '161.194.49.146'): (547, 0),
15 % ('8.73.98.88', '144.66.191.77'): (535, 0)}
16
17 split into separate files
18
19 (ip.addr == 113.15.85.25 and ip.addr == 179.160.238.111) % large_flow_1.pcap
20 (ip.addr == 114.176.157.191 and ip.addr == 221.72.61.209) % large_flow_2.pcap
21 (ip.addr == 134.134.122.170 and ip.addr == 179.187.246.122) % large_flow_3.pcap
22 (ip.addr == 179.187.53.117 and ip.addr == 129.49.173.82) % large_flow_4.pcap
23 (ip.addr == 211.2.138.61 and ip.addr == 144.66.241.253) % large_flow_5.pcap
24 (ip.addr == 221.100.234.92 and ip.addr == 161.194.49.146) % large_flow_6.pcap
25 (ip.addr == 8.73.98.88 and ip.addr == 144.66.191.77) % large_flow_7.pcap
26
27 generate csv from wireshark for full pcap
28
29