--------------------------------------------------------------------------------
netics 2.6
--------------------------------------------------------------------------------
by Marius Aamodt Eriksen
http://monkey.org/~marius/netics

DESCRIPTION

Netics is an extensible network statistics collector. It puts the network
interface in promiscuous mode, strips the appropriate protocol headers off the
data stream and feeds it to the statistics, then displays the results at
specified intervals, either in a "progress bar" mode or as raw statistics.

Currently it supports 2 statistics, both involving entropy: LZW
compressibility and Ueli Maurer's universal statistical test. Maurer's test is
a very good and comprehensive measure of entropy, but requires a large amount
of data; the LZW statistic requires much less data.

INSTALL

  ./configure
  make
  su
  make install

THANKS

Niels Provos, Ed Vielmetti, Jose Nazario and Igor Markov for useful
discussion, comments and suggestions.

USAGE (from the "netics -h")

  netics: [-phVbv] [-i ] [-r ] [-s ] [-t ] [filter]
    -i sniff on specified interface
    -r use tcpdump file for sniffing
    -t checkpoint every seconds
    -s use scan . available scans are: lzw (default), maurer
    -P use more imprecise measurements
    -h help
    -V print version number
    -b show measurement using a "progress" bar
    -v increase verbosity level

DEPENDENCIES

  libevent  http://www.monkey.org/~provos/libevent
  zlib      http://www.gzip.org/zlib/
  libnids   http://www.packetfactory.net/projects/libnids/
  libpcap   http://www.tcpdump.org/
  libnet    http://www.packetfactory.net/libnet/

HELP

See the manpage, netics(1), for more help and details.

TODO

A small gtk app that displays entropy would be fun. Maybe use Art's wisig as a
base. Use iofender.
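
The LZW compressibility statistic named under DESCRIPTION, shown as an added example that is not netics' own code: it LZW-encodes a buffer and reports compressed size over original size, which separates redundant cleartext from high-entropy (compressed or encrypted) payloads. The 12-bit dictionary, the function names and both sample buffers are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_CODES 4096   /* 12-bit dictionary: an assumption, not netics' setting */

/* Trie of known strings: child[prefix][byte] -> code; 0 = absent (real codes >= 256). */
static uint16_t child[MAX_CODES][256];
static uint8_t sample[4096];                    /* scratch buffer for the samples */

/* Returns compressed bits / original bits: near 0 = redundant, ~1 or more = high entropy. */
double lzw_ratio(const uint8_t *buf, size_t len) {
    if (len == 0) return 0.0;
    memset(child, 0, sizeof child);
    unsigned ncodes = 256, width = 9, cur = buf[0];
    unsigned long long bits = 0;
    for (size_t i = 1; i < len; i++) {
        unsigned nxt = child[cur][buf[i]];
        if (nxt) { cur = nxt; continue; }       /* extend the current match */
        bits += width;                          /* emit the code for the match */
        if (ncodes < MAX_CODES) {               /* learn match + next byte */
            child[cur][buf[i]] = (uint16_t)ncodes++;
            if (ncodes > (1u << width) && width < 12) width++;
        }
        cur = buf[i];
    }
    return (double)(bits + width) / (8.0 * (double)len);
}

/* Constructed sample 1: a repeated cleartext request line. */
void fill_cleartext(uint8_t *buf, size_t len) {
    static const char line[] = "GET /index.html HTTP/1.1\r\n";
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)line[i % (sizeof line - 1)];
}

/* Constructed sample 2: xorshift32 output standing in for ciphertext. */
void fill_random(uint8_t *buf, size_t len) {
    uint32_t x = 2463534242u;
    for (size_t i = 0; i < len; i++) {
        x ^= x << 13; x ^= x >> 17; x ^= x << 5;
        buf[i] = (uint8_t)(x >> 16);
    }
}

int main(void) {
    fill_cleartext(sample, sizeof sample);
    printf("cleartext ratio: %.2f\n", lzw_ratio(sample, sizeof sample));
    fill_random(sample, sizeof sample);
    printf("random ratio:    %.2f\n", lzw_ratio(sample, sizeof sample));
    return 0;
}
```

A ratio above 1.0 means the LZW codes took more bits than the input, which is what incompressible data produces.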