#!/usr/bin/perl -w
use strict;
# 15:20:56.789680 P 0:48:54:5c:4d:f1 0:0:0:0:0:1 ip 1514: wsrppp15.wsr.ac.at.1605 > 195.202.170.227.smtp: P 420284195:420285643(1448) ack 3689574287 win 32120 <nop,nop,timestamp 2363951 3391664> (DF)
my %octets;

my %interesting = (
    25   => 'smtp',
    80   => 'http',
    443  => 'https',
    5060 => 'lync server frontend service (5060)',
    5070 => 'lync server mediation service (5070)',
);

while (<>) {
    my $octets;
    my $sport;
    my $dport;
    if (/([\d.:]+) . ([\w:]+) ([\w:]+) ip (\d+): ([\w.]+)\.(\w+) > ([\w.]+)\.(\w+):/) {
	# print;
	# print "-> $1 $2 $3 $4 $5 $6 $7 $8\n";
	$octets = $4;
	$sport = $6;
	$dport = $8;
    } elsif (/(In|Out) ethertype IPv[46] \(0x....\), length (\d+): ([-\w.]+)\.(\w+) > ([-\w.]+)\.(\w+):/) {
	$octets = $2;
	$sport = $4;
	$dport = $6;
    } else {
        next;
    }
    my $proto;
    if ($interesting{$sport}) {
        $proto = $interesting{$sport};
    }
    elsif ($interesting{$dport}) {
        $proto = $interesting{$dport};
    }
    else {
        $proto = "$sport/$dport";
    }
    # print "-> proto = $proto\n";
    $octets{$proto} += $octets;
}
for my $i (sort { $octets{$a} <=> $octets{$b} } keys %octets) {
    printf "%10d %s\n", $octets{$i}, $i;
}

#vim:sw=4