Re: Counting Packets Per Second "PCAP ISSUE"

[Amtul Saboor <saboor.amtul () gmail com>]

I m running snort in linux backtrack , i installed latest version of snort
and i m trying to make a dynamic preprocessor by modifying sample dpx.c
file of dpx ( example preprocessor)

I am trying to count unique source ips arriving pr second .

I also want to do this with more gap of intervals , i mean i want to count
unique source ips for every fourth second.

I hv to put the above countd values of two consecutive intervals in a
formula then .  e.g. i will count for 1st second and then for 4th second .
And use the values in a formula then .i also hv to keep all ip addresses of
both intervals in a buffer . ( Ignoring the packets of 2nd n 3rd interval
). And likewise ill do this for 8th n 11 th second , ignoring packets from
9th n 10th second .

But i m unable to grab time in seconds . Also i m confused if the pcap will
ignore the packets arriving in the in between (that i want to ignore)
intervals or not .

Thanks alot for ur time

Regards
On Jun 26, 2014 6:49 AM, "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com> wrote:

>  Amtul,
>   I'm not exactly sure what you are trying to accomplish.  Nor what
> platform (i.e. OS) you are running on.  But some platforms provide a 'high
> resolution' timer.  This might be a 64 bit counter with sub-millisecond
> resolution.  Generally the OS simply reads a H/W timer and gives it to the
> application without significant overhead.  In other words, the time value
> read is very accurate.
>
>    Can you describe in more detail what you want to build?
>
>      Ed
>     The Snort Team
>
>
>   From: Amtul Saboor <saboor.amtul () gmail com>
> Date: Wednesday, June 25, 2014 4:09 PM
> To: "<snort-devel () lists sourceforge net>" <
> snort-devel () lists sourceforge net>
> Subject: [Snort-devel] Counting Packets Per Second "PCAP ISSUE"
>
>
>  Hello
>
> I am making changes in dpx preprocessor. Well the main issue I am facing
> is that I need to calculate packets per second and then use the count in a
> formula, but the "per second" thing is causing trouble for me. Apparently
> PCAP does not keep a record of "per second" packets.
>
>   I have used time function and calculating diff between curr time and
> previous time (in seconds) and using if condition trying to grab packets
> but the interval is not smooth . I am unable to get correct packet count.
>
> Please suggest what can be done
>
>  Thanks alot
>  --
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!