Index of /bmtools/docs

      Name                    Last modified       Size  Description

[DIR] Parent Directory        08-Jun-2004 12:22      -
[TXT] stak.html               21-Mar-2004 15:58    10k
[TXT] stakasta.html           21-Mar-2004 15:58    14k
[TXT] stakextract.html        21-Mar-2004 15:58    10k
[TXT] stakhosts.html          21-Mar-2004 15:59    14k
[TXT] stakrate.html           21-Mar-2004 15:58    11k
[TXT] stakstreams.html        21-Mar-2004 15:58    12k


1. OVERVIEW

    'stak' (Statistical Traffic Analysis Kit) is a set of command-line traffic
  analysis tools, designed to help a network administrator see what is happening
  at a router at the moment. Unlike tcpdump (1), the stak set uses statistical
  and stream-oriented methods, and will rarely produce an output stream at a
  speed beyond human perception. The output is less accurate, however.

    The kit consists of five different utilities, designed to perform the
  following tasks:
    * estimating overall traffic rates (stakrate),
    * determining network nodes generating the highest traffic (stakhosts),
    * monitoring the amount of traffic exchanged with particular autonomous
      systems (stakasta),
    * extracting strings from packets (stakextract),
    * determining connections and flows generating the highest traffic
      (stakstreams, experimental).

2. REQUIREMENTS

  - gcc, libc...
  - libpcap
  - 'stak' currently supports only a few common interface types (loopback,
     Token Ring, Ethernet, FDDI, PPP). In case you want stak to listen
     on an unsupported one, you'll have to specify the data link layer
     prefix on the interface manually... well... it's quite easy to
     google...

  stak was successfully compiled on the following OSes:
    * Linux (shaerrawedd 2.4.19-xfs #7 Fri Oct 4 18:18:38 CEST 2002 i686 unknown)
    * FreeBSD (venom 4.6.2-RELEASE-p10 FreeBSD 4.6.2-RELEASE-p10 #0: Tue Mar 25
             12:59:45 CET 2003     root@venom:/usr/src/sys/compile/VENOM-3  i386)
    * OpenBSD (pantera 3.3 PANTERA#0 i386)
  ... however it was tested only on Linux...

    Formerly, stak used to compile on Solaris/SunOS, but now I lack an account
  on a SunOS machine to check it.

3. INSTALLATION

  Edit Makefile, and uncomment the right setting for your system.

  If libpcap doesn't reside in a standard place on your system, add
  -I/include/path and -L/library/path flags to CFLAGS and LDFLAGS.

  Type 'make' and copy the utilities (stakrate and other tools - being links to
  stakrate at the moment) to a desired place. Alternatively, you could use
  the install (type: make install) target to have the binaries copied into
  /usr/local/bin.
  
  To make use of the 'stakasta' utility (the AS traffic analyzer),
  you also need a dump of the world routing information database. The
  European (RIPE) database can be downloaded and processed automatically -
  just type 'make data' to process the database (a few utilities such as wget
  and access to the Internet are required to perform this step). After that,
  you can optionally do a 'make install_data' to copy the files
  to /usr/local/stak - if you skip this step, you'll have to specify the
  path to the data files each time you run 'stakasta'.
  
  You can also copy the manual pages (available in doc/) into a manual
  directory on your system (e.g. /usr/man/man1).

4. USAGE

  Consult the manual pages, available in the doc/ subdirectory.

5. OUTPUT

  For stak: 
  
  pps = packets per second
  bps = bits per second
  Bps = bytes per second

  1 kpps is 1000 pps
  1 Mpps is 1000 kpps
  1 Gpps is 1000 Mpps
  1 kBps is 1024 bps
  1 MBps is 1024 kBps
  1 GBps is 1024 MBps
  1 kbps is 1024 bps
  1 Mbps is 1024 kbps
  1 Gbps is 1024 Mbps

6. AUTHOR

  Mateusz 'mteg' Golicz <mtg@elsat.net.pl>. Feel free to send any comments,
  patches, bugfixes, suggestions, etc. The author is not a native English
  speaker, and is aware of the fact that his English is far from perfect. Because
  of that, reports on grammar and vocabulary mistakes in this file are
  also welcome.

7. ACKNOWLEDGEMENTS

  - Matt Kimball - the author of 'mtr'
      - for the GPLd asynchronous DNS resolver code
      
  - Krzysztof Rusocki
      - for numerous suggestions and testing on FreeBSD

  - Giannis Stoilis
  - Paul Dorman
      - for a few ideas on enhancements and testing

8. LICENSE

  GNU GPL, see attached 'COPYING' file.