how to measure size of data that transfer in connection?

hossein_talebi · November 8, 2008, 6:51pm

Hi

i want measure size of data thet transfer in per side(how many recieve and how many send)

I have downloaded one file with size:almost 4MB
and capture its with tcpdump(only with filtering on tcp header and on my IP )
and sum of received data in connections almost is:4MB (this sum have been measured in Bro via field of endpoint size in connection)
then i filter same output of tcpdump only for tcpflags(SYN,SYN-ACK,FIN) and save with pcap format
and sum of received data in connections almost is:1MB

i don’t know reason of this repugnance
i need measure size of data that transfer in per side of connection realy while i have filter network traffic only
for SYN,SYN-ACK,FIN packet header

how to solve this problem?

please help me
thanks

hossein_talebi · November 8, 2008, 8:37pm

Hi
my problem is not filtering but my problem is obtain accurate size of transfer byte
i have checked these policies and apply very much and understand them completly
but apply conn policy on 2 tcpdump file(that one include all of packet headers and other include only SYN,SYN_ACK,FIN packet headers) have different results
why???
thanks

Topic		Replies	Views
how to measure size of data that transfer in connections (SYN FIN RST)? Zeek	1	56	May 6, 2022
buglet in FTP processing for 1.E7Vo2Cjyt39.pcap in slice 9 Development development	2	55	May 6, 2022
Daily report and Byte Transfer Pairs Zeek	1	66	May 6, 2022
count connection bytes Zeek	2	159	May 6, 2022
window size Zeek	2	55	May 6, 2022

how to measure size of data that transfer in connection?

Related Topics