Traffic Trace Info
DumpFile: 201204010345.dump
FileSize: 1925.73MB
Id: 201204010345
StartTime: Sun Apr 1 03:45:00 2012
EndTime: Sun Apr 1 04:00:01 2012
TotalTime: 900.49 seconds
TotalCapSize: 1526.18MB CapLen: 96 bytes
# of packets: 26184588 (20586.09MB)
AvgRate: 191.78Mbps stddev:21.85M
IP flow (unique src/dst pair) Information
# of flows: 1723065 (avg. 15.20 pkts/flow)
Top 10 big flow size (bytes/total in %):
6.7% 5.3% 4.3% 4.2% 3.2% 2.8% 2.5% 2.0% 1.8% 1.8%
IP address Information
# of IPv4 addresses: 1379539
Top 10 bandwidth usage (bytes/total in %):
27.6% 12.4% 12.3% 9.1% 6.9% 5.6% 5.5% 4.5% 4.3% 4.2%
# of IPv6 addresses: 5701
Top 10 bandwidth usage (bytes/total in %):
49.6% 36.8% 28.4% 20.4% 9.6% 9.6% 7.9% 4.8% 4.2% 2.5%
Packet Size Distribution (including MAC headers)
![[packet size distribution]](201204010345.pktlen.png)
detailed numbers
[ 32- 63]: 3865090
[ 64- 127]: 6747095
[ 128- 255]: 876621
[ 256- 511]: 513996
[ 512- 1023]: 587105
[ 1024- 2047]: 13594681
Protocol Breakdown
![[protocol breakdown chart]](201204010345.png)
protocol packets bytes bytes/pkt
------------------------------------------------------------------------
total 26184588 (100.00%) 21586081448 (100.00%) 824.38
ip 25906581 ( 98.94%) 21462163165 ( 99.43%) 828.44
tcp 19991188 ( 76.35%) 19221137927 ( 89.04%) 961.48
http(s) 10298833 ( 39.33%) 13980655478 ( 64.77%) 1357.50
http(c) 3957035 ( 15.11%) 590909806 ( 2.74%) 149.33
squid 57582 ( 0.22%) 41904985 ( 0.19%) 727.74
smtp 35378 ( 0.14%) 4873863 ( 0.02%) 137.77
nntp 18 ( 0.00%) 1106 ( 0.00%) 61.44
ftp 8243 ( 0.03%) 828883 ( 0.00%) 100.56
pop3 1710 ( 0.01%) 366032 ( 0.00%) 214.05
imap 530 ( 0.00%) 133526 ( 0.00%) 251.94
telnet 48540 ( 0.19%) 3584911 ( 0.02%) 73.85
ssh 1276894 ( 4.88%) 1190389754 ( 5.51%) 932.25
dns 4401 ( 0.02%) 1086966 ( 0.01%) 246.98
bgp 625 ( 0.00%) 100829 ( 0.00%) 161.33
napster 18 ( 0.00%) 1358 ( 0.00%) 75.44
realaud 33 ( 0.00%) 2277 ( 0.00%) 69.00
rtsp 47 ( 0.00%) 2876 ( 0.00%) 61.19
icecast 513 ( 0.00%) 62109 ( 0.00%) 121.07
hotline 24 ( 0.00%) 4100 ( 0.00%) 170.83
other 4300764 ( 16.42%) 3406229068 ( 15.78%) 792.01
udp 2465107 ( 9.41%) 724165556 ( 3.35%) 293.77
dns 240688 ( 0.92%) 52715634 ( 0.24%) 219.02
realaud 5 ( 0.00%) 503 ( 0.00%) 100.60
halflif 47 ( 0.00%) 6270 ( 0.00%) 133.40
starcra 38 ( 0.00%) 3181 ( 0.00%) 83.71
everque 302 ( 0.00%) 80472 ( 0.00%) 266.46
unreal 90 ( 0.00%) 50523 ( 0.00%) 561.37
quake 16 ( 0.00%) 3080 ( 0.00%) 192.50
cuseeme 3 ( 0.00%) 254 ( 0.00%) 84.67
other 2223706 ( 8.49%) 671235086 ( 3.11%) 301.85
icmp 1787044 ( 6.82%) 202142004 ( 0.94%) 113.12
ipip 185 ( 0.00%) 19270 ( 0.00%) 104.16
ipsec 2861 ( 0.01%) 993701 ( 0.00%) 347.33
ip6 1638116 ( 6.26%) 1310375992 ( 6.07%) 799.93
pim 334 ( 0.00%) 20040 ( 0.00%) 60.00
other 21746 ( 0.08%) 3308675 ( 0.02%) 152.15
frag 1143 ( 0.00%) 1069102 ( 0.00%) 935.35
ip6 278007 ( 1.06%) 123918283 ( 0.57%) 445.74
tcp6 182323 ( 0.70%) 76759731 ( 0.36%) 421.01
http(s) 33226 ( 0.13%) 47484486 ( 0.22%) 1429.14
http(c) 29010 ( 0.11%) 2564889 ( 0.01%) 88.41
smtp 30 ( 0.00%) 10836 ( 0.00%) 361.20
ftp 1395 ( 0.01%) 137797 ( 0.00%) 98.78
dns 117 ( 0.00%) 14843 ( 0.00%) 126.86
bgp 90 ( 0.00%) 15600 ( 0.00%) 173.33
other 118455 ( 0.45%) 26531280 ( 0.12%) 223.98
udp6 63506 ( 0.24%) 42926191 ( 0.20%) 675.94
dns 32732 ( 0.13%) 7502232 ( 0.03%) 229.20
everque 1 ( 0.00%) 98 ( 0.00%) 98.00
unreal 1 ( 0.00%) 113 ( 0.00%) 113.00
other 30772 ( 0.12%) 35423748 ( 0.16%) 1151.17
icmp6 31758 ( 0.12%) 3924215 ( 0.02%) 123.57
ip6 84 ( 0.00%) 11412 ( 0.00%) 135.86
pim6 31 ( 0.00%) 4216 ( 0.00%) 136.00
other6 305 ( 0.00%) 292518 ( 0.00%) 959.08
tcpdump file: 201204010345.dump.gz (599.74 MB)