simple/tcpdump_tools/by_proto

#!/usr/bin/perl -w
use strict;
# 15:20:56.789680 P 0:48:54:5c:4d:f1 0:0:0:0:0:1 ip 1514: wsrppp15.wsr.ac.at.1605 > 195.202.170.227.smtp: P 420284195:420285643(1448) ack 3689574287 win 32120 <nop,nop,timestamp 2363951 3391664> (DF)
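# Running total of frame lengths, keyed by protocol label.
my %octets;

# NOTE(review): the diamond operator opens every @ARGV entry with
# two-argument open semantics, so a file name is parsed for mode characters
# instead of being treated as a literal path. Run this only on trusted file
# names; Perl 5.22+ offers the "<<>>" operator, which opens names literally.
while ( my $line = <> ) {

    # Expected shape (tcpdump link-level output, as in the sample line in
    # the header comment of this file):
    #   TIME FLAG SRC_MAC DST_MAC ip LENGTH: SRC.PORT > DST.PORT: ...
    # Host names and service names may contain "-" (for example
    # "netbios-ns"), so the character classes accept it. Without that,
    # such lines fail to match and their bytes silently vanish from the
    # per-protocol totals.
    my ( $length, $sport, $dport ) =
        $line =~ m/[\d.:]+ . [\w:]+ [\w:]+ ip (\d+): [\w.-]+\.([\w-]+) > [\w.-]+\.([\w-]+):/
        or next;

    # A port printed as a name (contains a lowercase letter) identifies the
    # service; the source port wins when both sides are named. Two numeric
    # ports are reported as the pair "sport/dport".
    my $proto =
          $sport =~ m/[a-z]/ ? $sport
        : $dport =~ m/[a-z]/ ? $dport
        :                      "$sport/$dport";

    $octets{$proto} += $length;
}

# Report in ascending order of volume; ties are broken by label so that the
# output is stable from run to run.
for my $proto ( sort { $octets{$a} <=> $octets{$b} or $a cmp $b } keys %octets ) {
    printf "%10d %s\n", $octets{$proto}, $proto;
}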
#vim:sw=4