And now, if we take the average of all the numbers in the deque, we'll get a measure of the ratio of outbound to inbound traffic for that server. Putting this all together, we use a Python double-ended queue (deque) with a fixed length (that's your window size) to move through the packets, and when we find a packet going to or from the server, we store a +1 or a -1 in the deque. Now we can start to quantify whether traffic is incoming or outgoing. If a packet is being sent to the server, we'll call that +1, and if a packet is being sent from the server, we'll call that -1. To get a sense of how the server's service (or lack thereof) varies with time, you can loop through all of the packets, and look for packets with the server's IP as the source or destination. You can use a simple lambda function in Python to extract the source and destination IP addresses from packets, so I combined that with a queue to compute a moving average, and designed this script around it.
0 Comments
Leave a Reply. |