`# Counter is a *much* better option for what you're doing here.` This seems to work just fine: `#! /usr/bin/env python`

Then, you have an error: you forget to divide host_total by the sample_interval value.

As you also want to add receiver-to-sender traffic and sender-to-receiver, I think the best way would be to use an "ordered" tuple (the order itself does not really matter here, lexicographical order might be fine, but you could also use the arithmetic order since IP addresses are 4-octet integers) as the key for the Counter object.

I'm not sure if this is a programming (scapy/python) question or more of a general networking question, so I'm calling it a network programming question.

First of all, you have a bug in the code you have posted: instead of host_total = traffic_sorted, you probably mean host_total = traffic_sorted.

`print "%s: %s (%s) -> %s (%s)" % (human(host_total), src_hostname, src, dst_hostname, dst)`

`traffic_sorted = sorted(eritems(), key=itemgetter(1), reverse=True)`

`sniff(iface="eth1", prn=traffic_monitor_callbak, store=0, timeout=sample_interval)`

`# return human readable units given bytes`

`sample_interval = 30 # how long to capture traffic, in seconds`

I can confirm with iftop that 1.5 MB/s is in fact the rate between these two hosts.

Am I totaling up packet lengths incorrectly with scapy (see traffic_monitor_callbak function)? Or is this a poor solution altogether :)? `from scapy.all import *`

For example, I generated an rsync between two hosts at a throttled rate of 1.5 MB/s, but using the above average calculation, my script kept calculating the rate between these hosts as around 200 KB/s... much lower than 1.5 MB/s as I'd expect.

So I tried this at the end of the script: bytes per second = (total bytes / sample_interval)

But the resulting Bytes/s seems much lower.

I got the sense that changing sample_interval down to 1 second doesn't allow for a good sampling of traffic, so it seems I need to average it out.

That's great, but how can I calculate average bytes per second? The following script samples traffic for 30 seconds and then prints a list of the top 10 talkers in the format "source host -> destination host: bytes". I'm aware of tools already available such as iftop and ntop, but I need more control over the output. a list of hosts using the most bandwidth on my network. I'm using scapy to sniff a mirror port and generate a list of the top 10 "talkers", i.e.