pcaps:ixmgtool
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
pcaps:ixmgtool [2019/04/13 19:03] – [trisul_ixmgtool] veera | pcaps:ixmgtool [2019/04/13 19:18] – [Example run] veera | ||
---|---|---|---|
Line 7: | Line 7: | ||
===== What is a FAT pcap file ===== | ===== What is a FAT pcap file ===== | ||
- | A FAT pcap file contains more unique flows and endpoints than a THIN pcap file. | + | < |
+ | </ | ||
While testing NSM((Network Security Monitoring)) | While testing NSM((Network Security Monitoring)) | ||
Line 17: | Line 18: | ||
===== How is it different from mergecap | ===== How is it different from mergecap | ||
- | Mergecap | + | Mergecap |
trisul_ixmgtool when run with the squish option , aligns the timestamps | trisul_ixmgtool when run with the squish option , aligns the timestamps | ||
Line 24: | Line 25: | ||
- | ====== trisul_ixmgtool ====== | + | ====== |
To get the free ixmgtool [[https:// | To get the free ixmgtool [[https:// | ||
Line 37: | Line 38: | ||
**Options** | **Options** | ||
- | * -squish | + | * '' |
- | * -squish10 : fatten by 10 TIMES by taking each TCP flow and making 10 duplicate | + | * '' |
If you run without the squish options, ixmgtool is the same as mergecap. | If you run without the squish options, ixmgtool is the same as mergecap. | ||
+ | |||
+ | |||
Line 46: | Line 49: | ||
===== Example run ===== | ===== Example run ===== | ||
- | Say you have put 10 files in a directory | + | Say you have put 10 files in a directory |
< | < | ||
Line 95: | Line 98: | ||
- | To get a really | + | To get a **really |
+ | |||
+ | |||
+ | |||
+ | < | ||
+ | unpl@unpl: | ||
+ | |||
+ | 5000000 Packets | ||
+ | EOF on wrccdc.regionals.2019-03-01.111203006460000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111159006450000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111147006420000.pcap, | ||
+ | 8000000 Packets | ||
+ | EOF on wrccdc.regionals.2019-03-01.111143006410000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111210006480000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111206006470000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111151006430000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111155006440000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111129006380000.pcap, | ||
+ | EOF on wrccdc.regionals.2019-03-01.111138006400000.pcap, | ||
+ | |||
+ | unpl@unpl: | ||
+ | -rw------- 1 unpl unpl 13G Apr 13 13:35 really_fatone.pcap | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ====== Conclusion ====== | ||
+ | |||
+ | |||
+ | The trisul_ixmgtool part of the Trisul NSM suite can be used for free to create FAT pcaps which can be very useful for stressing NSM solutons. | ||
+ | |||
+ | Using the squish options you can create a mega thick PCAP file for testing by throwing all your PCAP testing files in single directory from varying timestamps and creating a single thick one. | ||
+ | |||
+ | Hope this is useful for the NSM community. | ||
+ | To get the tool : Install the Trisul Probe package for your platform from the [[https:// | ||
pcaps/ixmgtool.txt · Last modified: 2019/04/15 16:50 by veera