Complete rewrite?

hjp 2016-07-05 19:16:42 +00:00
parent 0984229b9b
commit 5a638ec8fd
1 changed files with 15 additions and 27 deletions


@ -1,35 +1,23 @@
#!/usr/bin/perl -w #!/usr/bin/perl -w
use strict; use strict;
# 15:20:56.789680 P 0:48:54:5c:4d:f1 0:0:0:0:0:1 ip 1514: wsrppp15.wsr.ac.at.1605 > 195.202.170.227.smtp: P 420284195:420285643(1448) ack 3689574287 win 32120 <nop,nop,timestamp 2363951 3391664> (DF) # 01:06:43.508117 00:00:24:d0:61:81 > 00:0e:0c:a9:5d:a4, ethertype IPv4 (0x0800), length 58: 93.174.93.51.35728 > 143.130.45.7.16719: Flags [S], seq 72688474, win 65535, options [mss 1436], length 0
# 09:29:10.114541 In ethertype IPv4 (0x0800), length 457: 199.19.109.76.5070 > 143.130.145.221.5060: SIP, length: 413
# 09:29:10.114541 Out ethertype IPv4 (0x0800), length 457: 199.19.109.76.5070 > 143.130.145.221.5060: SIP, length: 413
# 09:29:10.114541 In ethertype IPv4 (0x0800), length 60: 46.137.105.92.80 > 143.130.28.14.29878: Flags [S.], seq 790291952, ack 2509176833, win 17922, options [mss 1436], length 0
# 09:29:10.114541 Out ethertype IPv4 (0x0800), length 60: 46.137.105.92.80 > 143.130.28.14.29878: Flags [S.], seq 790291952, ack 2509176833, win 17922, options [mss 1436], length 0
my %octets; my %octets;
while (<>) { while (<>) {
if (/([\d.:]+) ([\w:]+) ([\w:]+) ip (\d+): ([-\w.]+)\.(\w+) > ([-\w.]+)\.(\w+):/) { if (/ethertype\ IPv4\ \(0x0800\), \s
# ethernet length\ (?<octets>\d+): \s
# print; (?<sip> \d+\.\d+\.\d+\.\d+) .*?
# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n"; > \s
my $octets = $4; (?<dip> \d+\.\d+\.\d+\.\d+) .*?
my $sip = $5; /x) {
my $sport = $6; $octets{"$+{sip} - $+{dip}"} += $+{octets};
my $dip = $7; } elsif (/ethertype\ IPv6\ \(0x86dd\), \s
my $dport = $8; length\ (?<octets>\d+): \s
# print "-> proto = $proto\n"; (?<sip> [0-9a-f:]+) .*?
$octets{"$sip - $dip"} += $octets; > \s
} elsif (/(In|Out) ethertype IPv[46] \(0x....\), length (\d+): ([-\w.]+)\.(\w+) > ([-\w.]+)\.(\w+):/) { (?<dip> [0-9a-f:]+) .*?
# GRE tunnel /x) {
my $octets = $2; $octets{"$+{sip} - $+{dip}"} += $+{octets};
my $sip = $3;
my $sport = $4;
my $dip = $5;
my $dport = $6;
# print "-> proto = $proto\n";
$octets{"$sip - $dip"} += $octets;
} }
} }
for my $i (sort { $octets{$a} <=> $octets{$b} } keys %octets) { for my $i (sort { $octets{$a} <=> $octets{$b} } keys %octets) {