[rlug] Determinare size cerere DNS

[Radu Filip]

Salut,

am nevoie sa calculez dimensiunea medie a unui request DNS (cerere si
raspuns). M-am gandit sa loghez cu tcmdump traficul pentru o perioada de
timp data si apoi sa fac media size-urillor requesturilor:

# tcpdump -nn -i eth0 | egrep -i "\.53(\ >|: )
09:45:46.054966 a.b.c.d.53 > x.y.z.t.53:  35065 1/11/12 (513) (DF)
09:45:46.099954 a.b.c.d.53 > x.y.z.t.53:  39837 NXDomain 0/1/1 (110) (DF)
09:45:46.225132 x.y.z.t.53 > 206.191.0.210.53:  5392+ [1au] PTR? 
148.142.109.220.in-addr.arpa. (57)
09:45:46.745089 x.y.z.t.53 > 64.105.124.154.32770:  7511*- 1/2/3 A x.y.z.t (137)
09:45:47.945265 x.y.z.t.53 > 210.138.175.244.53:  1323 [1au] A? 
mcn-ns1.miyazaki-catv.ne.jp. (56)
09:45:47.945361 x.y.z.t.53 > 210.138.175.244.53:  26323 [1au] A? 
mcn-ns2.miyazaki-catv.ne.jp. (56)
09:45:47.945382 x.y.z.t.53 > a.b.c.d.53:  63479+ [1au] PTR? 
52.68.105.219.in-addr.arpa. (55)
09:45:47.945420 x.y.z.t.53 > 210.138.175.244.53:  62514 [1au] A? 
mcn-ns3.miyazaki-catv.ne.jp. (56)
09:45:47.976022 210.138.175.244.53 > x.y.z.t.53:  26323-% 0/3/4 (162)
09:45:47.976025 210.138.175.244.53 > x.y.z.t.53:  1323-% 0/3/4 (162)
09:45:47.976522 210.138.175.244.53 > x.y.z.t.53:  62514-% 0/3/4 (162)
09:45:47.977423 x.y.z.t.53 > a.b.c.d.53:  64025+ [1au] A? mcn-ns2.miyazaki-catv.ne.jp. 
(56)
09:45:47.977455 x.y.z.t.53 > a.b.c.d.53:  62921+ [1au] A? mcn-ns1.miyazaki-catv.ne.jp. 
(56)
09:45:47.977764 x.y.z.t.53 > a.b.c.d.53:  22677+ [1au] A? mcn-ns3.miyazaki-catv.ne.jp. 
(56)
09:45:48.245117 x.y.z.t.53 > 210.138.175.244.53:  57033 [1au] PTR? 
148.142.109.220.in-addr.arpa. (57)
09:45:48.275959 210.138.175.244.53 > x.y.z.t.53:  57033-% 0/3/4 (184)
09:45:48.276889 x.y.z.t.53 > a.b.c.d.53:  60245+ [1au] PTR? 
148.142.109.220.in-addr.arpa. (57)
09:45:49.771152 x.y.z.t.53 > a.b.c.d.53:  7081+ [1au] PTR? 
139.116.188.205.in-addr.arpa. (57)
09:45:49.804602 a.b.c.d.53 > x.y.z.t.53:  7081 1/2/3 (176) (DF)
[...]

unde x.y.z.t e serverul meu (pe care fac DNS caching) si a.b.c.d este
serverul meu de DNS.

Nu sunt sigur daca valoarea din campul 5 (35065, 39837, ...) reprezinta
dimeansiunea in bytes a cererii sau nu. Daca nu, cum fac sa am afisat si 
dimensiunea totala in bytes a requestului, inclusiv dimensiunea 
header-ului pachetului de IP?

Mersi.


--- 
Detalii despre listele noastre de mail: http://www.lug.ro/