Hopefully someone can point/help me out.  What is below is an extract of a
packet capture ... similar to tcpdump.  What I want to do is to
determine the amount of traffic a port has on it.  I just plan on
redirecting the output to this program.

My thoughts are to maybe create a hash and have the totals stored in the hash
using the port numbers as keys.  So at each block, say I'm looking for
TCP traffic, then I would make sure it is TCP and then I would find the
incoming source port (the TCP packets below have a source port of 6699).

Once the source address is determined then the hash would be checked to
see if the key exists.  If the key exists then add the DgmLen (datagram
length) onto it.  If the key (port) does not exist then add the key and
DgmLen.

Then when it is done I'll print out the hash sorted by the ascending key
(port) values.

Care has to be taken if the traffic type is not TCP or UDP, say ICMP, as
the format of the line changes a bit.  There are no port numbers.

With either TCP, UDP, or ICMP the 3rd line of each dump is not required.

If someone could help me with the structure/setup of this ... extracting
the data I would appreciate it.

Greg

PS: is there a size that the hash should not exceed?  It is possible, but
unlikely, that all 65536 ports would be used.


10/15-10:56:39.788943 64.229.130.126:6699 -> 192.117.91.98:1395
TCP TTL:120 TOS:0x0 ID:2936 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x6AA4F9  Ack: 0x1DAEF3DB  Win: 0x2124  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/15-10:56:39.812796 212.58.240.61:57905 -> 192.117.91.59:6970
UDP TTL:236 TOS:0x0 ID:39733 IpLen:20 DgmLen:318 DF
Len: 298
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/15-10:56:39.826366 24.48.104.144:6699 -> 192.117.90.128:1577
TCP TTL:11 TOS:0x0 ID:35437 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x5FC28E  Ack: 0x5A8547D  Win: 0x3ED0  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

10/15-10:56:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633  Ack: 0xBEEE29B0  Win: 0x4432  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
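One way to structure the program described above, as an added example that is not part of the original post: the asker's hash becomes a dict keyed on source port, each dump block is split on the `=+=+` separator line, only the first two lines of a block are parsed, and a header line with no `:port` (ICMP) is skipped. The sample input is constructed from the post's format, with an ICMP block added to exercise that case.

```python
import re
from collections import defaultdict

# Constructed sample in the post's dump format (not real traffic); the ICMP
# block shows the header line that carries no port numbers.
SAMPLE = """\
10/15-10:56:39.788943 64.229.130.126:6699 -> 192.117.91.98:1395
TCP TTL:120 TOS:0x0 ID:2936 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x6AA4F9  Ack: 0x1DAEF3DB  Win: 0x2124  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-10:56:39.850000 10.0.0.1 -> 192.117.91.98
ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1  Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-10:56:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633  Ack: 0xBEEE29B0  Win: 0x4432  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
"""

# Line 1: "<stamp> src[:sport] -> dst[:dport]" (":port" optional, ICMP has none); line 2: "<PROTO> ... DgmLen:<n>".
HEADER_RE = re.compile(r"^\S+ (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$")
PROTO_RE = re.compile(r"^(?P<proto>[A-Z]+) .*\bDgmLen:(?P<len>\d+)")

def parse_records(text):
    """Yield (proto, src_port_or_None, dgmlen) per dump block; the 3rd line is ignored."""
    block = []
    for line in text.splitlines():
        if line.startswith("=+=+"):          # separator: end of one dump block
            if len(block) >= 2:
                h, p = HEADER_RE.match(block[0]), PROTO_RE.match(block[1])
                if h and p:
                    sport = int(h["sport"]) if h["sport"] else None
                    yield p["proto"], sport, int(p["len"])
            block = []
        elif line.strip():
            block.append(line)

def bytes_per_source_port(text, proto="TCP"):
    """Sum DgmLen per source port for one protocol, sorted ascending by port."""
    totals = defaultdict(int)               # the post's hash, keyed on port
    for rec_proto, sport, dgmlen in parse_records(text):
        if rec_proto == proto and sport is not None:
            totals[sport] += dgmlen
    return dict(sorted(totals.items()))

if __name__ == "__main__":
    import sys                              # usage: dump_tool | python3 this.py
    for port, total in bytes_per_source_port(sys.stdin.read()).items():
        print(f"{port}\t{total}")
```

On the PS question: even if every one of the 65536 ports appears, the dict holds 65536 integer keys and totals, a few megabytes at most, so no cap is needed.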

