netics(1)                  OpenBSD Reference Manual                  netics(1)

NAME
     netics - network statistical information gatherer

SYNOPSIS
     netics [-P] [-h] [-V] [-b] [-v] [-i interface] [-r file] [-t timeout]
            [-s scan] [filter]

DESCRIPTION
     The netics utility gathers statistical information on a network.  It can
     either be measured directly from the network, or via a tcpdump(8) output
     file.

     The options are as follows:

     -P      Uses imprecise measurements.  These are typically data quality
             reductions made in order to relieve pressure on the CPU.

     -h      Displays a short synopsis of the command line options.

     -V      Displays the version number.

     -b      Uses a "progress" bar to display the results instead of the
             regular printed "logged" version.  This measurement is given as
             a percentage of what is considered a maximum achievable
             statistic.

     -v      Increases verbosity level.  Use multiple times to increase
             verbosity level more.

     -i interface
             Specifies the network interface from which to capture data.

     -r file
             Instead of reading packets from the network, the packets are
             read from a tcpdump(8) dump file.

     -t timeout
             Specifies the interval for displaying measurements in seconds.
             By default, this is set to 10 seconds.

     -s scan
             Define what scan to use; this defines which property of the
             network stream is measured.  By default, "lzw" is set.  See the
             SCANS section for a thorough explanation.

     filter  A valid pcap(3) filter that determines how to capture network
             traffic.

     The netics utility measures statistical properties on a network.  It
     does this by capturing data, either on the physical network or through a
     specified tcpdump(8) file.  It then runs the data through the particular
     scan that has been selected, and displays the results.

     There are two ways to obtain the measurements.  If the [-b] option is
     specified, a "progress" bar is displayed, yielding values in percentages
     for the measured property.  If not, the "raw" output value for the given
     property is printed.  Pressing CTRL-C will update this value.

     To quit netics, simply press CTRL-C twice in rapid succession.  If
     netics is launched with the [-b] option, it is sufficient to press
     CTRL-C once.

EXAMPLES
     netics -i wi0 -s "maurer" -b

     Listens to the interface wi0 and, using the Maurer scan, displays the
     gathered results by way of a "progress" bar.  Since a timeout value was
     not specified, it is set to the default: 10 seconds.

SCANS
     These are the currently available scans.  The interface to hook into
     netics is very extensible, so please contact me if you have other ideas
     or implementations of scans to add to netics.

     lzw     The LZW scan is an entropy measurement statistic that uses
             zlib's compression facilities to attempt to compress the data.
             The result is the ratio of bytes in to bytes out.  Less
             compressible data has more entropy than data that is more
             compressible.  For example, an ssh(1) session with defined
             transmitted output has an LZW measurement of around 96%-100%,
             whereas a telnet(1) session with the same output yields values
             around 4%-6%.

     maurer  The Maurer scan, or "Uli Maurer's Universal Statistical Test",
             is also an entropy measurement statistic.  It has proved to be
             a very valuable and good measurement of entropy; however, it
             takes a large amount of data (approximately 250 Kb) to yield
             any results.

SEE ALSO
     pcap(3)

ACKNOWLEDGMENTS
     This program contains some pcap code from Dug Song.

THANKS
     Niels Provos, Ed Vielmetti, Jose Nazario, and Igor Markov for useful
     comments and suggestions.

AUTHORS
     The netics utility has been developed by Marius Aamodt Eriksen.

NOTES
     The measurements described above were taken on the wireless network at
     the 2002 USENIX Annual Technical Conference.  If you have any
     suggestions, or implementations, of other statistical information to
     gather from a network stream (the interface is very extensible), please
     contact me.

BUGS
     Uli Maurer's universal statistical test is not turned on by default.

OpenBSD 3.3                      July 3, 2002
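
Added example, not netics source code: a Python sketch of the measurement the lzw scan describes, using zlib to score payload bytes per window. It assumes the percentage is compressed size over input size (consistent with the high ssh figure and low telnet figure above); MIN_BYTES, THRESHOLD, the function names and both sample payloads are constructed for illustration.

```python
import hashlib
import zlib

MIN_BYTES = 1024   # assumed floor: below this, zlib's fixed overhead dominates
THRESHOLD = 90.0   # assumed cut-off between the two ranges quoted above

def lzw_score(data: bytes):
    """Compressed size as a percentage of input size, capped at 100.

    Returns None when the sample is too small to score meaningfully.
    """
    if len(data) < MIN_BYTES:
        return None
    return min(100.0, 100.0 * len(zlib.compress(data)) / len(data))

def score_windows(stream: bytes, size: int = 4096):
    """Score consecutive fixed-size windows, like one reading per interval."""
    return [lzw_score(stream[i:i + size]) for i in range(0, len(stream), size)]

def label(score):
    if score is None:
        return "insufficient data"
    # High scores also occur for already-compressed payloads, not only ciphertext.
    return "high entropy" if score >= THRESHOLD else "low entropy"

def keystream(n: int) -> bytes:
    """Constructed stand-in for encrypted payload: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample: directory-listing text as a cleartext session would carry it.
CLEARTEXT = b"".join(
    b"-rw-r--r--  1 user  wheel  %5d Jul  3 2002 file%03d.txt\r\n"
    % (i * 37 % 9000, i) for i in range(400))
CIPHERTEXT = keystream(len(CLEARTEXT))

if __name__ == "__main__":
    for name, payload in (("cleartext", CLEARTEXT), ("ciphertext", CIPHERTEXT)):
        score = lzw_score(payload)
        print(f"{name:10s} {score:5.1f}%  {label(score)}")
    print([label(s) for s in score_windows(CLEARTEXT + CIPHERTEXT)])
```

A window that straddles the switch from cleartext to ciphertext scores in between the two ranges, so a single threshold on one interval is a coarse signal.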