diff --git a/securite/dm/pcap_analyzer/Cargo.lock b/securite/dm/pcap_analyzer/Cargo.lock index 73094ba..946cc29 100644 --- a/securite/dm/pcap_analyzer/Cargo.lock +++ b/securite/dm/pcap_analyzer/Cargo.lock @@ -215,6 +215,7 @@ version = "0.1.0" dependencies = [ "clap", "etherparse", + "libc", "pcap", ] diff --git a/securite/dm/pcap_analyzer/Cargo.toml b/securite/dm/pcap_analyzer/Cargo.toml index 1dce43a..fe63bb4 100644 --- a/securite/dm/pcap_analyzer/Cargo.toml +++ b/securite/dm/pcap_analyzer/Cargo.toml @@ -6,4 +6,5 @@ edition = "2021" [dependencies] clap = { version = "4.5.7", features = ["derive"] } etherparse = "0.15.0" +libc = "0.2" pcap = "2.0.0" diff --git a/securite/dm/pcap_analyzer/src/main.rs b/securite/dm/pcap_analyzer/src/main.rs index 3cdd889..d234567 100644 --- a/securite/dm/pcap_analyzer/src/main.rs +++ b/securite/dm/pcap_analyzer/src/main.rs @@ -21,9 +21,16 @@ fn main() -> Result<(), Box> { let mut total = 0; let mut total_ipv4 = 0; let mut errs = 0; + let mut first_timestamp = None; + let mut last_timestamp = None; while let Ok(packet) = pcap.next_packet() { total += 1; + last_timestamp = Some(packet.header.ts); + if first_timestamp.is_none() { + first_timestamp = last_timestamp; + } + let Ok(packet) = SlicedPacket::from_ethernet(packet.data) else { errs += 1; continue; 
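Review bot: The first and last timestamps in the `while let` loop are taken in file order (`first_timestamp` from the first packet read, `last_timestamp` overwritten on every iteration), which equals the capture's time span only if the trace is strictly time-ordered. Merged or multi-interface captures are not guaranteed to be ordered, and the later `last_timestamp - first_timestamp` can then come out too small or negative. Tracking the minimum and maximum is more robust: convert once with `let ts = tv_to_sec(packet.header.ts);` and keep `first_timestamp = Some(first_timestamp.map_or(ts, |f: f64| f.min(ts)));` plus the `max` counterpart for `last_timestamp` (the `.map(tv_to_sec)` calls in the printing hunk then drop out). The loop also stops at the first `Err` from `next_packet()` (a context line, not changed here), so on a truncated file the reported last timestamp is that of the last readable packet. `main` starts and ends outside this hunk.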
@@ -33,9 +40,17 @@ fn main() -> Result<(), Box> { total_ipv4 += 1; } } - println!("Count: {total: >9}"); - println!("Count IPv4: {total_ipv4: >9}"); - println!("Errors: {errs: >9}"); + println!("Count: {total: >20}"); + println!("Count IPv4: {total_ipv4: >20}"); + let non_ipv4 = total - total_ipv4; + println!("non-IPv4 count: {non_ipv4: >20}"); + let first_timestamp = first_timestamp.map(tv_to_sec).unwrap_or_default(); + println!("First timestamp: {first_timestamp: >20.2}"); + let last_timestamp = last_timestamp.map(tv_to_sec).unwrap_or_default(); + println!("Last timestamp: {last_timestamp: >20.2}"); + let avg_packet = (last_timestamp - first_timestamp) / total as f64; + println!("Avg packet rate: {avg_packet: >20.2}"); + println!("Errors: {errs: >20}"); } } @@ -55,3 +70,9 @@ enum Cmd { Links, Stats, } + +fn tv_to_sec(tv: libc::timeval) -> f64 { + let usec_per_sec = 1_000_000; + let usecs = tv.tv_usec + (tv.tv_sec * usec_per_sec); + usecs as f64 / usec_per_sec as f64 +} diff --git a/securite/dm/rapport.md b/securite/dm/rapport.md index 13408bb..343e633 100644 --- a/securite/dm/rapport.md +++ b/securite/dm/rapport.md @@ -156,3 +156,20 @@ Le PcapNg introduit les fonctionnalités suivantes : - Un seul fichier peut contenir plusieurs liens. - Des annotations peuvent être ajoutés aux trammes. - Des structures spécialisés permettent de compacter les données réccurentes (addresses, clés). + +### Basic traffic stats + +#### How many IPv4 packets does the trace contain (as IPv4 count:)? + +```sh +pcap_analyzer ./trace2.pcap stats +# Count: 30611000 +# Count IPv4: 28893393 +# non-IPv4 count: 1717607 +``` + +La trace contient 28 893 393 paquets IPv4. + +#### How many non-IPv4 packets does the trace contain (as non-IPv4 count:)? + +La trace contient 1 717 607 paquets non-IPv4. \ No newline at end of file
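Review bot: `avg_packet` is printed under the label "Avg packet rate", but `(last_timestamp - first_timestamp) / total as f64` is seconds per packet, the inverse of a rate, and for an empty capture it evaluates 0.0 / 0.0 and prints NaN. If packets per second is what the report should show, `let duration = last_timestamp - first_timestamp;` followed by `let avg_packet = if duration > 0.0 { total as f64 / duration } else { 0.0 };` gives that and covers the empty and single-packet cases. Separately, as far as the visible loop shows, `non_ipv4 = total - total_ipv4` also includes the frames that failed to parse and were counted in `errs`; a comment such as `// includes frames counted in errs` would keep the two figures from being read as disjoint. The enclosing block begins outside the hunk.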
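Review bot: `tv_to_sec` performs `tv.tv_sec * usec_per_sec` in the platform's integer time type before converting to `f64`, and `tv_sec` comes straight from the packet header in the capture file. An out-of-range value in a malformed or crafted trace therefore overflows, which is a panic in debug builds and a silently wrapped timestamp in release builds. On targets with a 32-bit `time_t` any present-day epoch value already overflows, and where `tv_sec` and `tv_usec` have different integer types the addition does not compile. Converting each field first avoids all three: `tv.tv_sec as f64 + tv.tv_usec as f64 / 1_000_000.0`. A one-line doc comment, `/// Converts a pcap timeval to fractional seconds since the epoch.`, would also help.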