pmcgleenon / pcap_microburst

PCAP Microburst detection utility

pcap_microburst

pcap_microburst is a simple packet analyzer tool used to extract microburst information from PCAP files.

NOTE: The capture is expected to come from a hardware capture port running at 10Gbit. Software timestamps create too much variability to calculate microburst activity effectively.

Algo

Command line options


Options:
  --stdin                 | read file from stdin
  --status                | print processing status updates
  --burst-thresh <Gbps>   | threshold for burst starting in Gbps (default 1.0 Gbps)
  --pkt-thresh   <count>  | threshold for number of packets required to detect microburst (default 128)
  --size-thresh  <bytes>  | threshold for number of bytes required to detect microburst (default 128 kib = 131072)
  --metamako              | use packet timestamp from metamako footer
  --timebin      <ns>     | sample packets into timebins of <ns> long slices
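
How the three thresholds can interact, as an added sketch that is not pcap_microburst's own code. The page does not show the detection algorithm, so the rule used here (a run of packets whose instantaneous rate stays at or above the burst threshold, reported only if it also meets the packet and byte thresholds) is an assumption, and every type, function name and the sample trace are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* All types and names here are constructed for this sketch, not taken from pcap_microburst. */
typedef struct { uint64_t ts_ns; uint32_t len; } pkt_t;
typedef struct { uint64_t start_ns, end_ns, bytes; uint32_t pkts; } burst_t;
typedef struct { double burst_gbps; uint32_t pkt_thresh; uint64_t size_thresh; } cfg_t;

/* Close the run in progress; keep it only if it meets both the packet and byte thresholds. */
static void flush(burst_t *cur, const cfg_t *c, burst_t *out, size_t max, size_t *found) {
    if (cur->pkts && cur->pkts >= c->pkt_thresh && cur->bytes >= c->size_thresh && *found < max)
        out[(*found)++] = *cur;
    cur->pkts = 0;                        /* pkts == 0 means no run in progress */
}

/* Scan timestamp-ordered packets; store up to max bursts in out and return the count. */
size_t find_bursts(const pkt_t *p, size_t n, const cfg_t *c, burst_t *out, size_t max) {
    size_t found = 0; burst_t cur = {0};
    for (size_t i = 1; i < n; i++) {
        uint64_t dt = p[i].ts_ns - p[i - 1].ts_ns;
        /* bits per nanosecond equals Gbps; a zero gap counts as above threshold */
        int hot = dt == 0 || (p[i].len * 8.0) / (double)dt >= c->burst_gbps;
        if (!hot) { flush(&cur, c, out, max, &found); continue; }
        if (cur.pkts == 0)                /* run starts at the previous packet */
            cur = (burst_t){ p[i - 1].ts_ns, 0, p[i - 1].len, 1 };
        cur.end_ns = p[i].ts_ns;
        cur.bytes += p[i].len; cur.pkts++;
    }
    flush(&cur, c, out, max, &found);
    return found;
}

/* Constructed trace: idle 64-byte packets 1 ms apart around 1500-byte packets 1200 ns apart (10 Gbps). */
size_t demo_trace(pkt_t *p, size_t idle, size_t burst) {
    uint64_t t = 0; size_t n = 0;
    for (size_t i = 0; i < idle; i++)  { p[n++] = (pkt_t){ t, 64 };   t += 1000000; }
    for (size_t i = 0; i < burst; i++) { p[n++] = (pkt_t){ t, 1500 }; t += 1200; }
    for (size_t i = 0; i < idle; i++)  { t += 1000000; p[n++] = (pkt_t){ t, 64 }; }
    return n;
}

int main(void) {
    pkt_t p[256]; burst_t b[4];
    cfg_t c = { 1.0, 128, 131072 };       /* defaults from the option list */
    size_t k = find_bursts(p, demo_trace(p, 3, 200), &c, b, 4);
    for (size_t i = 0; i < k; i++)
        printf("pkts=%u bytes=%llu\n", b[i].pkts, (unsigned long long)b[i].bytes);
    return 0;
}
```

Because the rate is computed from inter-packet gaps in nanoseconds, timestamp jitter directly changes which packets count as above threshold, which is why the NOTE above asks for hardware timestamps.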


Examples

$ pcap_microburst  defcon22_hitcon.pcap

{"timestamp": "1612677365018670719", "packet_count": 204, "bytes": 280484, "packet_bytes_mean": 137.49019, "gbps_max": 10.252778, "gbps_mean": 9.87557, "burst_duration_ms": 20.15627 }


Support

This tool is part of the fmadio 10G sniffer appliance; more information can be found at http://fmad.io

For any bugs, patches or requests, send a mail to: support at fmad.io

License: MIT License


Languages

C 98.9%, Makefile 1.1%