openpacket-devel

[Openpacket-devel] File Naming Conventions

[Mark M. <mas...@gm...>]

Hello -

I'm still working on a Rails version of the site.
No problem if you end up using David's version.

Are you writing any information in the uploaded caps filenames?
Source, application, os, date, version information?

If I download caps from the site, how do I keep them organized?

Take it easy.

Mark

Re: [Openpacket-devel] File Naming Conventions

[Tim F. <fu...@cc...>]

Good point - I'd suggest the submitter's userid, a timestamp either of the
start of the capture or of the submission, and a short description/title
submitted by the user (probably a normalized version of a short free-text
title).  For the timestamp, the start of capture would be better, but that
might be information that the user wants to be anonymized, in which case the
submission timestamp might be more appropriate.

I don't know about putting too much more information in the filename; if we
want it to carry along a lot of meta-info, perhaps we should think about
including an associated text .readme or xml .meta_info file (then all of the
d/l files would have to be archives), or including fake packets in the trace
to carry meta-info (not exactly an elegant solution).  I'm just thinking
that with all of the meta-info we could possibly include, the filename could
start getting a bit silly after a few revs.  It might be better to just
allow users to look up all the meta-info on the website via filename or
md5sum or something, though I'd agree it would be nice to have all the
necessary info without having to go back to the website, for various reasons
(e.g. lack of connectivity of either the user or the site).

-Tim

On 7/30/06, Mark Mason <mas...@gm...> wrote:
>
> Hello -
>
> I'm still working on a Rails version of the site.
> No problem if you end up using David's version.
>
> Are you writing any information in the uploaded caps filenames?
> Source, application, os, date, version information?
>
> If I download caps from the site, how do I keep them organized?
>
> Take it easy.
>
> Mark
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Openpacket-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-devel
>



-- 
Tim Furlong
tim...@gm...

Re: [Openpacket-devel] File Naming Conventions

[Jacob H. <ha...@gm...>]

Along the lines of meta information, it might be useful to either
build our web app to get statistics about the capture or use tcpdstat
(1) and store that as meta information.

Jake

1: http://staff.washington.edu/dittrich/talks/core02/tools/tools.html

On 7/30/06, Tim Furlong <fu...@cc...> wrote:
>
> Good point - I'd suggest the submitter's userid, a timestamp either of the
> start of the capture or of the submission, and a short description/title
> submitted by the user (probably a normalized version of a short free-text
> title).  For the timestamp, the start of capture would be better, but that
> might be information that the user wants to be anonymized, in which case the
> submission timestamp might be more appropriate.
>
> I don't know about putting too much more information in the filename; if we
> want it to carry along a lot of meta-info, perhaps we should think about
> including an associated text .readme or xml .meta_info file (then all of the
> d/l files would have to be archives), or including fake packets in the trace
> to carry meta-info (not exactly an elegant solution).  I'm just thinking
> that with all of the meta-info we could possibly include, the filename could
> start getting a bit silly after a few revs.  It might be better to just
> allow users to look up all the meta-info on the website via filename or
> md5sum or something, though I'd agree it would be nice to have all the
> necessary info without having to go back to the website, for various reasons
> ( e.g. lack of connectivity of either the user or the site).
>
> -Tim
>
>
> On 7/30/06, Mark Mason <mas...@gm... > wrote:
> > Hello -
> >
> > I'm still working on a Rails version of the site.
> > No problem if you end up using David's version.
> >
> > Are you writing any information in the uploaded caps filenames?
> > Source, application, os, date, version information?
> >
> > If I download caps from the site, how do I keep them organized?
> >
> > Take it easy.
> >
> > Mark
> >
> >
> -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> your
> > opinions on IT & business topics through brief surveys -- and earn cash
> >
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Openpacket-devel mailing list
> > Ope...@li...
> >
> https://lists.sourceforge.net/lists/listinfo/openpacket-devel
> >
>
>
>
> --
> Tim Furlong
> tim...@gm...
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>
> _______________________________________________
> Openpacket-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openpacket-devel
>
>
>

Re: [Openpacket-devel] File Naming Conventions

[Richard B. <tao...@gm...>]

On 7/31/06, Jacob Ham <ha...@gm...> wrote:
> Along the lines of meta information, it might be useful to either
> build our web app to get statistics about the capture or use tcpdstat
> (1) and store that as meta information.
>
> Jake
>

Jake and all,

Great idea -- I suggest capinfos instead of Tcpdstat, since the
protocol breakdown from Tcpdstat isn't very reliable.  Capinfos gets
to the heart of what you probably like about Tcpdstat anyway.
Capinfos is packaged with Ethereal/Wireshark.

$ capinfos res_inn.lpc
File name: res_inn.lpc
File type: libpcap (tcpdump, Ethereal, etc.)
Number of packets: 28079
File size: 16661237 bytes
Data size: 16211949 bytes
Capture duration: 2867.890522 seconds
Start time: Thu Mar 30 21:57:25 2006
End time: Thu Mar 30 22:45:13 2006
Data rate: 5652.92 bytes/s
Data rate: 45223.34 bits/s
Average packet size: 577.37 bytes

Speaking of summarization, would statistics like this be of any use?

$ tethereal -nq -z io,phs -r res_inn.lpc

===================================================================
Protocol Hierarchy Statistics
Filter: frame

frame                                    frames:28079 bytes:16211949
  eth                                    frames:28079 bytes:16211949
    ip                                   frames:27463 bytes:16179237
      tcp                                frames:22417 bytes:15777169
        http                             frames:1558 bytes:1116140
          image-gif                      frames:81 bytes:56366
          data-text-lines                frames:330 bytes:322423
          image-jfif                     frames:11 bytes:8028
            malformed                    frames:9 bytes:6831
          http                           frames:1 bytes:321
        tcp.segments                     frames:283 bytes:202533
          http                           frames:250 bytes:170943
            data-text-lines              frames:82 bytes:68786
            image-gif                    frames:68 bytes:47104
            media                        frames:2 bytes:2811
            image-jfif                   frames:21 bytes:19560
          ssl                            frames:33 bytes:31590
        ssl                              frames:426 bytes:252570
          malformed                      frames:19 bytes:11155
        pop                              frames:7915 bytes:11446426
        data                             frames:2 bytes:1755
        smtp                             frames:53 bytes:20255
      icmp                               frames:3984 bytes:221437
      udp                                frames:1053 bytes:180145
        dns                              frames:390 bytes:36121
        snmp                             frames:23 bytes:2737
        data                             frames:46 bytes:2284
        bootp                            frames:109 bytes:37308
        nbdgm                            frames:297 bytes:69841
          smb                            frames:297 bytes:69841
            mailslot                     frames:297 bytes:69841
              browser                    frames:297 bytes:69841
        syslog                           frames:35 bytes:8234
        sip                              frames:20 bytes:9380
        nbns                             frames:124 bytes:12920
        http                             frames:6 bytes:1050
        ntp                              frames:3 bytes:270
      igmp                               frames:9 bytes:486
    arp                                  frames:616 bytes:32712
===================================================================

This is less detailed than what the Ethereal GUI provides, but still a
powerful breakdown by protocol.

Richard