diff --git a/securite/dm/pcap_analyzer/src/main.rs b/securite/dm/pcap_analyzer/src/main.rs
index 43e646c..dd4ad80 100644
--- a/securite/dm/pcap_analyzer/src/main.rs
+++ b/securite/dm/pcap_analyzer/src/main.rs
@@ -66,7 +66,7 @@ fn main() -> Result<(), Box> {
 println!("First timestamp: {first_timestamp: >14.2}");
 let last_timestamp = last_timestamp.map(tv_to_sec).unwrap_or_default();
 println!("Last timestamp: {last_timestamp: >14.2}");
- let avg_packet = (last_timestamp - first_timestamp) / total as f64;
+ let avg_packet = total as f64 / (last_timestamp - first_timestamp);
 println!("Avg packet rate: {avg_packet: >14.4}");
 println!("Errors: {errs: >14}");
 println!();
diff --git a/securite/dm/rapport.md b/securite/dm/rapport.md
index d7bcaa3..e318a45 100644
--- a/securite/dm/rapport.md
+++ b/securite/dm/rapport.md
@@ -163,15 +163,21 @@ Le PcapNg introduit les fonctionnalités suivantes : ```sh pcap_analyzer ./trace2.pcap stats -# Count: 30611000 -# Count IPv4: 28893393 -# non-IPv4 count: 1717607 -# First timestamp: 1474265898.92 -# Last timestamp: 1474309098.10 -# Avg packet rate: 0.0014 -# Errors: 1717607 +# Count: 30611000 +# Count IPv4: 28893393 +# non-IPv4 count: 1717607 +# First timestamp: 1474265898.92 +# Last timestamp: 1474309098.10 +# Avg packet rate: 0.0014 +# Errors: 1717607 +# # Main Protocols: # - 6 (TCP - Transmission Control) 28893393 ( 94.39%) +# +# Unique sources: 988082 +# Unique destinations: 32769 +# Source with most bytes: "[58, 51, 150, 96]" +# Source with most packets: "[58, 51, 150, 96]" ``` La trace contient 28 893 393 paquets IPv4. 
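Review bot: In the main.rs hunk, the new `total as f64 / (last_timestamp - first_timestamp)` divides by the capture duration without a guard, so a trace that is empty or whose packets all share one timestamp prints `NaN` or `inf` as the rate (`last_timestamp` visibly falls back to its default through `unwrap_or_default()`). I would compute `let span = last_timestamp - first_timestamp;` and then `let avg_packet = if span > 0.0 { total as f64 / span } else { 0.0 };`. The rapport.md hunks in this same commit still show `Avg packet rate: 0.0014`, which is what the old seconds-per-packet formula yields for these figures; with the corrected formula the same counts and timestamps come out near 708.6 packets per second, so the sample output and the "très étalé" remark should be regenerated before conclusions are drawn from them. `main` starts and ends outside the hunk, so how `first_timestamp` and `total` are derived is not visible here.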
@@ -197,12 +203,28 @@ Le taux de paquets de la trace est 0.0014 paquet par seconde. ... #### How many unique IPv4 source addresses are present in the trace (as Unique sources:)? + +La trace montre des paquets ayant 988 082 sources différentes. + #### How many unique IPv4 destination addresses are present in the trace (as Unique destinations:)? + +La trace montre des paquets ayant 32 769 destinations différentes. + #### Create a cumulative distribution function (CDF) plot. The x-axis is the number of bytes sent and the y-axis is the cumulative fraction of sources. ... #### Which source sent the most bytes (as Source with most bytes:)? + +L'addresse ayant envoyée le plus grand nombre d'octets est 58.51.150.96. + #### Which source sent the most packets (as Source with most packets:)? Based on your analysis of the trace: + +L'addresse ayant envoyée le plus grand nombre de packets est 58.51.150.96. + #### List 3 characteristics of the traffic that seem unusual to you. + +- Tout le traffic est en TCP. +- Le traffic est très étalé : < 0.01 packet par seconde. + #### Provide a reasonable explanation for what traffic the trace represents, taking into account the unusual characteristics you have identified. \ No newline at end of file