Walk Through Example - Analyzing and Comparing Network Traffic with traffic_metrics

  1. Follow the steps in Installing traffic_metrics to install traffic_metrics.

  2. Change directory to the “test/test1” folder within traffic_metrics root:

    cd test/test1
    
  3. The directory contains the files that will be analysed/compared in this walk through page.

These include: f1.pcap, f2.pcap, f1_pkts.csv, f2_pkts.csv, f1_pdus.csv and f2_pdus.csv. Each of the CSV files in the directory is an output obtained from previously running our trafficdatasetmaker tool.

Part 1 - Analyzing Network Traffic Packets and Protocol Data Units (PDUs)

  1. To analyze a single packet capture use the command below:

    traffic_metrics -v -t packets -f ./f1.pcap -o ./test1_out
    

Alternatively, if the packets dataset has already been created with trafficdatasetmaker, the tool may be used to directly analyze the packets csv files:

    traffic_metrics -v -t packets -f ./f1_pkts.csv -o ./test1_out

Furthermore, if the dataset CSV of PDUs has already been created, use the command below. Only PDU level analysis will be possible in this case. Hence, the -t packets option will need to be changed to -t pdus:

    traffic_metrics -v -t pdus -f ./f1_pdus.csv -o ./test1_out

Part 2 - Comparing Network Traffic Packets and Protocol Data Units (PDUs)

  1. To compare 2 pcap packet captures use the command below:

    traffic_metrics -v -t packets -f ./f1.pcap -f ./f2.pcap -o ./test1_out
    

The -f arguments may be any mix of pcap files, packets-CSV or PDU-CSV files:

    traffic_metrics -v -t packets -f ./f1_pkts.csv -f ./f2_pkts.csv -o ./test1_out

Note

When the comparison involves a CSV of PDUs, only PDU level comparison will be possible. Hence, the -t packets option will need to be changed to -t pdus:

    traffic_metrics -v -t pdus -f ./f1_pdus.csv -f ./f2_pdus.csv -o ./test1_out
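The rule in the note above can be applied automatically when building commands for many input sets. The helper below is an added example, not part of traffic_metrics: the function names `tm_mode` and `tm_command` are hypothetical, and it assumes inputs follow the naming used in test/test1 (`*.pcap`, `*_pkts.csv`, `*_pdus.csv`).

```shell
#!/bin/sh
# Added example: pick the -t value for a set of traffic_metrics inputs and
# print the resulting command. Nothing is executed by these functions.
# Assumption: PDU datasets are named *_pdus.csv and packet datasets
# *_pkts.csv, as in test/test1; adjust the patterns for other naming.

# Print "pdus" if any input is a PDU CSV, otherwise "packets".
# Returns 1 when no inputs are given or a file type is not recognised.
tm_mode() {
    [ "$#" -gt 0 ] || { echo "tm_mode: no input files" >&2; return 1; }
    mode=packets
    for f in "$@"; do
        case "$f" in
            *_pdus.csv) mode=pdus ;;       # any PDU CSV forces PDU level
            *.pcap|*_pkts.csv) ;;          # packet-level inputs
            *) echo "tm_mode: unrecognised input: $f" >&2; return 1 ;;
        esac
    done
    echo "$mode"
}

# Print the traffic_metrics command line for an output folder and inputs.
# Paths are not quoted in the printed line, so avoid spaces in file names.
tm_command() {
    out=$1; shift
    mode=$(tm_mode "$@") || return 1
    cmd="traffic_metrics -v -t $mode"
    for f in "$@"; do
        cmd="$cmd -f $f"                   # one -f per input file
    done
    echo "$cmd -o $out"
}

# Constructed sample calls using the file names from this walk through.
tm_command ./test1_out ./f1.pcap ./f2_pkts.csv
tm_command ./test1_out ./f1.pcap ./f2_pdus.csv
```

Review the printed command before running it.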

For each of the commands above, the results will be stored in the test1_out folder. The folder contains the PDF, JSON and CSV files that contain many statistics about various metrics of the packet capture. It also contains directories that store individual graphs for each of the metrics calculated. Please go to the test1_out folder to examine the contents.

For all other possible input arguments and options, especially on how the tool can be used with input filter strings or how an interactive web-server dashboard can be generated with the tool, please take a look at the Usage - Analyzing network traces with traffic_metrics page.