-
Notifications
You must be signed in to change notification settings - Fork 23
Extended ID2T Statistics DB: Tables
Stefano Acquaviti edited this page Mar 16, 2018
·
6 revisions
Querying the SQLite database by standard SQL queries requires knowledge about the database scheme. Therefore we provide following an overview about the tables and fields.
This table contains general information about the dataset.
| Field Name | Description |
|---|---|
| packetCount | Number of packets in the dataset |
| captureDuration | The duration of the capture formatted as "milliseconds.microseconds" |
| timestampFirstPacket | Timestamp of the first packet in the capture, formatted as YYYY-MM-DD HH:MM:SS.MILLISECONDS |
| timestampLastPacket | Timestamp of the last packet in the capture, formatted as YYYY-MM-DD HH:MM:SS.MILLISECONDS |
| avgPacketRate | The average packet rate per second over all hosts, calculated as packetCount divided by captureDuration |
| avgPacketSize | The average packet size over all hosts |
| avgPacketSentPerHost | The average number of packets sent over all hosts |
| avgBandwidthIn | The average incoming bandwidth over all hosts |
| avgBandwidthOut | The average outgoing bandwidth over all hosts |
This table contains general IP statistics related to a specific IP address.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host these statistics belong to |
| kybtesSent | KBytes of data sent |
| kybtesReceived | KBytes of data received |
| pktsSent | Number of packets sent |
| pktsReceived | Number of packets received |
| maxPktRate | The maximum sending/receiving packet rate |
| minPktRate | The minimum sending/receiving packet rate |
| ipClass | The class of the host IP, e.g. A,B,C |
This table contains general converstaions (connections) statistics.
| Field Name | Description |
|---|---|
| ipAddressA | IP Address of the host A |
| portA | The used port on host A |
| ipAddressB | IP Address of the host B |
| portB | The used port on host B |
| pktsCount | Number of packets exchanged |
| avgPktRate | The average packet rate |
| avgDelay | The average delay in first three packets (TCP handshake) |
| minDelay | The minimum delay in first three packets (TCP handshake) |
| maxDelay | The maximum delay in first three packets (TCP handshake) |
This table contains a collection of statistics in interval-wise.
| Field Name | Description |
|---|---|
| lastPktTimestamp | Timestamp of the last packet in the interval |
| pktsCount | Packets count in the interval |
| kBytes | KBytes of data in the interval |
| ipSrcEntropy | Source IPs entropy |
| ipDstEntropy | Destination IPs entropy |
| ipSrcCumEntropy | Source IPs cumulative entropy |
| ipDstCumEntropy | Destination IPs cumulative entropy |
| payloadCount | Packets count that contain payload |
| incorrectTCPChecksumCount | Incorrect TCP checksums count |
| correctTCPChecksumCount | Correct TCP checksums count |
| newIPCount | Novel IPs count |
| newPortCount | Novel ports count |
| newTTLCount | Novel TTL values count |
| newWinSizeCount | Novel Window Size values count |
| newToSCount | Novel ToS values count |
| newMSSCount | Novel MSS values count |
This table contains information about the used MAC adress for a given IP address. A MAC Address may be used by several IP addresses, for example, in an virtualized environment.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| macAddress | MAC Address of the host |
This table provides information about the used TCP/UDP ports.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| portDirection | If data was received on this port "in", if data was sent from this port "out" |
| portNumber | Port number |
| portCount | Number of packets using this port |
| byteCount | Number of bytes transmitted using this port |
| portProtocol | Name of the protocol, e.g. TCP, UDP |
| portService | Name of the service using this port |
This table contains statistics about the protocol usage.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| protocolName | Name of the protocol, e.g. TCP, UDP, IPv4 |
| protocolCount | Number of packets using this protocol |
| byteCount | Number of bytes sent using this protocol |
This table contains TTL statistics.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| ttlValue | TTL value |
| ttlCount | Number of packets using this TTL value |
This table contains statistics about the used MSS values.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| mssValue | Maximum Segment Size (TCP option) used by the host |
| mssCount | Number of packets using this MSS value |
This table contains statistics about the used Window Size values.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| winSize | Window Size used by the host |
| winCount | Number of packets using this Window Size value |
This table contains statistics about the used ToS values.
| Field Name | Description |
|---|---|
| ipAddress | IP Address of the host |
| tosValue | Type of Service used by the host |
| tosCount | Number of packets using this ToS value |
This table contains statistics about unrecognized PDUs.
| Field Name | Description |
|---|---|
| srcMac | MAC Address of the host |
| dstMac | MAC Address of the target |
| etherType | The Ethertype number in decimal |
| pktCount | Number of occurrences of the packet |
| timestampLastOccurrence | Timestamp of the last occurrence of the packet, formatted as YYYY-MM-DD HH:MM:SS.MILLISECONDS |