首页 > Tips & How-tos > Packet Sniffer Tips: make use of packet size distribution statistics

Packet Sniffer Tips: make use of packet size distribution statistics

Packet Size Distribution is an important statistic group in the Summary tab in Colasoft Capsa, from which we can get useful information. The Packet Size Distribution group does statistic over seven packet size ranges with their own throughput, packet counting, utilization, and so on. The bigger packet size may result in more Bytes if the packets number equals the ones with smaller packet size. These statistics seem just do simple statistics, but they also give us important information to help us monitor and analyze the network.

packet_size_distribution
The Packet Size Distribution Statistic Group in Summary Tab

The packet size distribution group can help us manage the network in the following ways:

1. Excessive <=64, 65-127 Packets: Attacks

We know ARP packets are 64 bytes and general TCP STN packets are about 66 bytes. Small sized packets contain less data. A network device needs to spend much of its resource to deal with excessive small sized packets which will result in inefficient to handle normal packets. So if the number is very big than other packet size statistic items, you should be alerted that it might be an attack such as ARP flooding, ARP spoofing, port scanning, worm activities, or DDoS attack.

2. Excessive 1024-1517, >=1518 Packets: Download

With larger size, a packet has a bigger payload to carry more data. That’s why downloading and uploading tools often generate packets with large sizes. These packets are very greedy to consume a big portion of bandwidth. That’s why network administrators always pay much attention to downloading and uploading at workplace. You should keep an eye on this type of packets too.

Note that here we are talking about EXCESSIVENESS, which means the number VERY BIG like tenfold or hundredfold bigger than other counters. Especially the small sized packets and if there is any port scanning on your network, you will capture a big sum of packets of 64 bytes in a blink of an eye and clearly feel the network delay.

  1. Netfans
    2010年5月27日01:54 | #1

    Well, only excessiveness.

  2. 2010年5月30日15:16 | #2

    Terrific work! This is the type of information that should be shared around the web. Shame on the search engines for not positioning this post higher!

  3. 2010年6月8日14:08 | #3

    Nice dispatch and this fill someone in on helped me alot in my college assignement. Say thank you you seeking your information.

  4. 2010年6月20日06:23 | #4

    Keep posting stuff like this i really like it

  5. 2011年6月16日08:14 | #5

    This is some terrific information. I think by paying attention to packet size, a lot of good can come. It can be useful at the work place or also for personal use when you want to manage your downloading time at times.

    Adam Warne
    Webmaster, Bargains Plus More

  6. JeanCDildy
    2011年11月17日07:19 | #6

    Great post! Thanks for sharing this. Yeah! Show us more about this post.

  1. 本文目前尚无任何 trackbacks 和 pingbacks.