tcpdump_sum.pl: Fixed time output (was off by one minute)
tcpdump_sum2.pl: Print 1 second history of most active connections.
parent
ff9ea6f10d
commit
22a64b0dd2
|
@ -4,7 +4,7 @@
|
|||
|
||||
sub dumpstats {
|
||||
print "-" x 60, "\n";
|
||||
print "$time\n";
|
||||
print "$time_last\n";
|
||||
for $i (sort { $sum{$a} <=> $sum{$b} } keys (%sum)) {
|
||||
printf("\t%6d %s\n", $sum{$i}, $i);
|
||||
}
|
||||
|
|
|
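--- /dev/null
+++ b/tcpdump_sum2.pl
@@ -0,0 +1,54 @@
+#!/usr/bin/perl
+
+# print summary of tcpdump output
+
+sub dumpstats {
+print "-" x 60, "\n";
+print "$time_last\n";
+for $i (sort { $sum{$a} <=> $sum{$b} } keys (%sum)) {
+printf("\t%6d %s\n", $sum{$i}, $i);
+}
+}
+
+$maxsecs = 0;
+$minsecs = 86400;
+
+while (<>) {
+if (m/^(\d\d:\d\d:\d\d)\.\d{6} ([-\w\.]+) \> ([-\w\.]+): (.*)/) {
+$time = $1;
+$from = $2;
+$to = $3;
+$rest = $4;
+@t = split(/:/, $time);
+$secs = $t[0] * 3600 + $t[1] * 60 + $t[2];
+if ($secs < $minsecs) {$minsecs = $secs}
+if ($secs > $maxsecs) {$maxsecs = $secs}
+
+if ($rest =~ m/^. (\d+):(\d+)\((\d+)\)/) {
+# tcp
+$con = "$from > $to";
+$tsum{$con} += $3;
+if (!$sum{$con}) {
+$sum{$con} = [];
+}
+$sum{$con}->[$secs] += $3;
+
+
+} elsif ($rest =~ m/^. ack (\d+) win (\d+) \(DF\)/) {
+# tcp ack
+} else {
+#print stderr "unparseable2: $_";
+}
+
+
+} else {
+#print stderr "unparseable1: $_";
+}
+}
+
+for $c ((sort {$tsum{$b} <=> $tsum{$a}} keys %tsum)[0..9]) {
+print "# ", $c, " ", $tsum{$c}, "\n";
+for ($s = $minsecs; $s <= $maxsecs; $s++) {
+print $c, "\t", $s, "\t", $sum{$c}->[$s] + 0, "\n";
+}
+}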
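Review bot: `$sum{$con}->[$secs]` indexes a per-connection array by seconds since midnight, so every distinct `from > to` pair seen late in the day grows an array of up to 86,400 slots; a capture that contains a scan or flood with many source ports can make the script exhaust memory on the analyst's machine. A hash per connection stores only the seconds that carried data: `$sum{$con}{$secs} += $3;` in the loop and `$sum{$c}{$s} + 0` in the output, which also makes the `if (!$sum{$con})` initialisation unnecessary. Separately, `(sort ... keys %tsum)[0..9]` yields undef entries when fewer than ten connections were seen, so the report prints rows for an empty key; wrapping the slice in `grep { defined }` avoids that. `dumpstats` is never called in this file and still compares `$sum{$a} <=> $sum{$b}`, which are now array references, so it looks like a leftover from tcpdump_sum.pl.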