Created
January 21, 2013 19:45
-
-
Save labeneator/4588678 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Capture 100 Packets | |
| sh-3.2# tshark -i en1 -c 100 -s0 -w dns.pcap port 53 | |
| Capturing on en1 | |
| 100 | |
| # Pcap Size | |
| sh-3.2# du -sh dns.pcap | |
| 16K dns.pcap | |
| # 100 Packets to a text file | |
| sh-3.2# tshark -i en1 -c 100 port 53 | tee dns.txt | |
| Capturing on en1 | |
| 100 packets captured | |
| .... | |
| # Number of queries in the capture. 50 queries, 50 responses. | |
| sh-3.2# grep -v resp dns.txt | wc -l | |
| 50 | |
| # Example entry | |
| sh-3.2# grep -v resp dns.txt | head -n 1 | |
| 0.005333 192.168.1xx.101 -> 192.168.1xx.2 DNS 87 Standard query 0x707f A XXXXXXXXXXXXXX | |
| # At a rate of 20 packets/sec (10 queries per sec, 10 responses/sec) =~ (100/5.08) | |
| sh-3.2# head -n 1 dns.txt ; tail -n 1 dns.txt ; wc -l dns.txt | |
| 0.000000 192.168.1xx.2 -> 192.168.1xx.101 DNS 159 Standard query response 0xe333 No such name | |
| 5.082457 192.168.1xx.101 -> 192.168.1xx.2 DNS 87 Standard query 0x2d3d AAAA XXXXXXXXXXXXXX | |
| 100 dns.txt | |
| # Count number of bytes | |
| sh-3.2# awk 'BEGIN{bytes=0}{bytes = bytes + $6} END{print "SUM "bytes" averages to "bytes/100 " bytes/pkt";}' dns.txt | |
| SUM 12604 averages to 126.04 bytes/pkt | |
| # So, we got 12,600 bytes in 5 seconds. Multiply this by 12 to get the byte/minute rate, then by 60 minutes/hour. | |
| sh-3.2# echo "12604 * 12 * 60 / (1024*1024)" | bc -l | |
| 8.65447998046875000000 | |
| # That's 8.6 Mb/hour of DNS traffic |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment