Usage - Analyzing network traces with traffic_metrics
Usage
The usage command for the traffic_metrics tool is as given below:
usage: traffic_metrics [-h] [-v] [-t {packets,pdus,both}] [-f FILES]
                       [-n FILENAMES] -o OUTDIR [-d] [-s FILTER_STR]
                       [-k {global,per_user_session,both}]

**required arguments**:
  -f FILES, --file FILES
        pcapfile, or csvfile of pkts/pdus (default: [])
  -o OUTDIR, --outdir OUTDIR
        directory to store results (default: None)

**optional arguments**:
  -h, --help
        show this help message and exit
  -v, --verbose
        increase verbosity of log output
  -t {packets,pdus,both}, --analysistype {packets,pdus,both}
        the type of analysis to perform. When the 'analysistype' argument
        selected is 'pdus', only the 'application level pdus metrics'
        are calculated. When the 'analysistype' argument selected is
        'packets', all metrics except the 'application level pdus metrics'
        are calculated. Selecting 'both' calculates all metrics
  -n FILENAMES, --file-name FILENAMES
        names to be used for each file input (default: [])
  -d, --rundashboard
        launch a webserver containing a dashboard
        for interactive visualization of charts (default: False)
  -s FILTER_STR, --filterstring FILTER_STR
        filter packets to analyze (default: None)
  -k {global,per_user_session,both}, --analysis-kind {global,per_user_session,both}
        perform analysis of entire input or for each app user-session
        in input (default: both)
The library can also be used from Python with the code below:

    from traffic_metrics.traffic_metrics import Traffic_Metrics

    tm = Traffic_Metrics(analysistype, files, outdir, rundashboard,
                         filter_str, filenames, analysis_kind)
    tm.run()

Filter String Format
The filter string specified with the --filter-str option must be a string in JSON format that can specify time, src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port.
When time is specified, it must be a list of length 2 that contains [t1, t2] in seconds. Only packets in the time interval between t1 and t2 will then be considered in the analysis. t1 and t2 are measured in seconds relative to the time of the first packet.
When any combination of src_mac, dst_mac, src_ip, dst_ip, src_port or dst_port is selected, the system filters the packets to include only those that match the specified values, using an ‘AND’ combination only.
For example, a filter string would look like:

    --filter-str '{"time":[10,50],"src_ip":"10.10.20.10","dst_ip":"10.10.20.11"}'

With the above example, the system will only analyze packets in the input trace file that have timestamps between 10 and 50 seconds after the first packet of the trace file, a source IP address of “10.10.20.10” and a destination IP address of “10.10.20.11”.
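The sketch below is an added example, not code from traffic_metrics: it validates a filter string against the format described above and applies the relative time window and AND matching to constructed packet records. The helper names, the record layout (a "ts" field holding the capture time), the inclusive interval ends and the t1 <= t2 check are assumptions.

```python
import json

# Keys the page lists for the filter string; anything else is rejected.
ALLOWED_KEYS = set("time src_mac dst_mac src_ip dst_ip src_port dst_port".split())


def parse_filter(filter_str):
    """Validate a filter string against the format described above."""
    spec = json.loads(filter_str)
    if not isinstance(spec, dict):
        raise ValueError("filter string must be a JSON object")
    unknown = set(spec) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unknown filter keys: {sorted(unknown)}")
    if "time" in spec:
        window = spec["time"]
        if not (isinstance(window, list) and len(window) == 2 and all(
                type(t) in (int, float) for t in window)):
            raise ValueError("time must be a list [t1, t2] in seconds")
        if window[0] > window[1]:  # assumption: t1 must not exceed t2
            raise ValueError("time window must satisfy t1 <= t2")
    return spec


def apply_filter(packets, spec):
    """Return packets matching every condition in spec (AND only)."""
    if not packets:
        return []
    first_ts = packets[0]["ts"]  # t1/t2 are relative to the first packet
    selected = []
    for pkt in packets:
        if "time" in spec:
            t1, t2 = spec["time"]
            # Assumption: both ends of the interval are inclusive.
            if not t1 <= pkt["ts"] - first_ts <= t2:
                continue
        if all(pkt.get(k) == v for k, v in spec.items() if k != "time"):
            selected.append(pkt)
    return selected


# Constructed sample records (not tool output); "ts" is epoch seconds.
SAMPLE_PACKETS = [
    {"ts": 1000.0, "src_ip": "10.10.20.10", "dst_ip": "10.10.20.11"},
    {"ts": 1012.5, "src_ip": "10.10.20.10", "dst_ip": "10.10.20.11"},
    {"ts": 1049.9, "src_ip": "10.10.20.10", "dst_ip": "10.10.20.12"},
    {"ts": 1060.0, "src_ip": "10.10.20.10", "dst_ip": "10.10.20.11"},
]
PAGE_EXAMPLE = '{"time":[10,50],"src_ip":"10.10.20.10","dst_ip":"10.10.20.11"}'
```

Running the page's example filter over the sample keeps only the record at 12.5 seconds: the first and last records fall outside the window, and the third matches the source address but not the destination.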
Metrics
This traffic_metrics tool reports the metrics listed below. Note that when the ‘analysistype’ argument is ‘pdus’, only the ‘application level PDU metrics’ are calculated.
For each of the metrics below the tool calculates the statistics listed in the statistics section below, and the associated charts are included.
General metrics
    packet_rate
    inter_packet_time
    throughput
    packet_size
layer2 metrics
    l2_payload_throughput
    l2_payload_size
layer3 metrics
    l3_payload_throughput
    l3_payload_size
layer4 metrics
    l4_payload_throughput
    l4_payload_size
    l4_tcp_retransmitted_rate
    l4_outoforder_rate
    l4_window_size
    l4_unacked_inflight_data
Application level PDU metrics
    app_pdu_rate
    app_pdu_throughput
    app_inter_pdu_time
    app_srv_resp_time
    app_pdu_size
    app_pdu_throughput_no_zeros
    app_pdu_rate_no_zeros
Statistics
For each of the metrics above we calculate the statistics below:
dataset_len
mean
median
std
max
min
range
index of dispersion
inter-quartile-range
skewness
kurtosis
Hurst exponent
25th_percentile
50th_percentile
75th_percentile
Graphs
This traffic_metrics tool generates the graphs listed below in the plots folder within the specified output directory. For each metric, we plot the graphs below:
time series graph
frequency histogram
cumulative frequency curves
Box plots
Q-Q plots