traffic flow help



sir_digalot
09-05-2007, 04:17 PM
i have been forwarded a whole bunch of raw TCP flow data from our ISP in order to find out where we are maxing out our lines,

unfortunately i never was in the matrix and it all looks like gobbledygook to me... does anyone know how i can make a bunch of fun numbers into say a pretty graph (just what to divide the numbers by to get meaningful answers)? i know it is probably really simple but at the moment all i am seeing is pretty numbers dancing around the screen and mooning me so any help would be appreciated..

here is a sample couple of lines (IPs have been removed)

ip-source-address*   ip-destination-address*   flows   octets     packets   duration
216.xxx.xxx.xxx      69.xxx.xxx.xxx            96      30100341   20962     1195504
199.xxx.xxx.xxx      69.xxx.xxx.xxx            98      24958874   37689     10307112



i figure octets are the actual data in bytes (octets being 8 bits). the packets are, well, packets... the amount of packets should correlate to the amount of data, obviously (do i multiply the packets by 1500 to get the data?). the duration i am stumped on, as it is an 11-minute sample i am looking at but all the numbers are different. is this time in secs? ms? ns?

and flows? are they the number of connections at one time?

if i can get help deciphering some of this i can pretty much figure it out but my searches on the internets also seem to come up pretty blank...


thanks if you can help :D
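
Added example (not part of the original post): a short Python script that parses rows in the layout shown above and turns each address pair into an average rate over the 11-minute window, an average packet size and a mean flow length. The function names are made up for this example, and treating `duration` as milliseconds summed over all of a pair's flows is an assumption; the post does not say what the unit is.

```python
import re

# The two rows from the post, with the addresses masked as they were there.
SAMPLE = """\
ip-source-address* ip-destination-address*..... flows ........octets........ packets........ duration
216.xxx.xxx.xxx............69.xxx.xxx.xxx......... ......96........ 30100341...... 20962.......... 1195504
199.xxx.xxx.xxx............69.xxx.xxx.xxx......... ......98........ 24958874...... 37689.......... 10307112
"""

WINDOW_SECONDS = 11 * 60  # the post says the sample covers 11 minutes

FILLER = re.compile(r"\.{2,}|\s+")  # runs of dots or whitespace separate columns


def parse_rows(text):
    """Return one dict per data row; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = [f for f in FILLER.split(line.strip()) if f]
        if len(fields) != 6 or not all(f.isdigit() for f in fields[2:]):
            continue
        src, dst = fields[:2]
        flows, octets, packets, duration = map(int, fields[2:])
        rows.append(dict(src=src, dst=dst, flows=flows, octets=octets,
                         packets=packets, duration=duration))
    return rows


def summarize(rows, window_s=WINDOW_SECONDS):
    """Rank address pairs by byte volume and derive per-pair figures."""
    out = []
    for r in sorted(rows, key=lambda r: r["octets"], reverse=True):
        out.append({
            "pair": f'{r["src"]} -> {r["dst"]}',
            # octets is already a byte count, so packets * 1500 is not needed
            "avg_packet_bytes": r["octets"] / r["packets"] if r["packets"] else 0.0,
            # bytes -> bits, spread evenly over the sample window
            "avg_mbps": r["octets"] * 8 / window_s / 1e6,
            # ASSUMPTION: duration is milliseconds summed over the pair's flows
            "mean_flow_seconds": r["duration"] / r["flows"] / 1000 if r["flows"] else 0.0,
        })
    return out


if __name__ == "__main__":
    for s in summarize(parse_rows(SAMPLE)):
        print(f'{s["pair"]:36} {s["avg_mbps"]:.3f} Mbit/s  '
              f'{s["avg_packet_bytes"]:.0f} B/pkt  {s["mean_flow_seconds"]:.1f} s/flow')
```

Summing `avg_mbps` over all rows that share a destination or source gives the figure to compare against the line's capacity; the per-pair list, sorted by octets, is what you would feed into a graph.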