I've got a problem with my script below.
The files it is going to parse start usually 1 minute prior to midnight (newday).
I really don't care about this minute before midnight so I figured I just reset the
hash at new day.
All that is happening is every 5 minutes a new entry is put in the hash. I know
it isn't bullet proof what I've got now ... ie if the entries are not starting at
midnight and not occurring constantly.
I can't see to grab the date ... just day is important and compare it. Maybe I'm
going about this wrong.
Greg
#!/usr/bin/perl -w
use strict;
$/ = "";
my %hash;
my $runningTime =0;
my $total;
while ( <> ) {
next unless (split)[4] eq 'TCP';
# my $date = $1 if /^\d+\/(\d+)-/;
# first day should set date
# date is in 10/15 format jjust check day
# must get date and check if this is a new day
# if it is then reset the hash to empty
# need to do this because must dump file
# starts approx 1 minute prior to newday to 1
# minute after
#%hash = (); # empty hash ssince new day
my $hours = $1 if /-(\d+):\d+:\d+/;
my $minutes = $1 if /-\d+:(\d+):\d+/;
if ($hours != 0) { # don't want to mult by 0
$total = ( $hours *= 3600 ) + ( $minutes * 60);
} else {
$total = $minutes * 60;
}
my $len = $1 if /DgmLen:(\d+)/;
if ($total >= ($runningTime + 300 ) ) {
#want to add a new timespot and then add traffic to it
$runningTime += 300; #next 5 minute block
$hash{$runningTime}{'length'} += $len;
$hash{$runningTime}{'hits'} ++;
}else{
#just need to add to total
$hash{$runningTime}{'length'} += $len;
$hash{$runningTime}{'hits'}++;
}
print "date: $date\n";
print "total: $total\n";
print "runningTime: $runningTime\n"
}
for (sort { $a <=> $b } keys %hash) {
print "$_ $hash{$_}{'hits'} $hash{$_}{'length'}\n";
}
__DATA__
10/15-0:4:39.788943 64.229.130.126:6699 -> 192.117.91.98:1395
TCP TTL:120 TOS:0x0 ID:2936 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x6AA4F9 Ack: 0x1DAEF3DB Win: 0x2124 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:4:40.812796 212.58.240.61:57905 -> 192.117.91.59:6970
UDP TTL:236 TOS:0x0 ID:39733 IpLen:20 DgmLen:318 DF
Len: 298
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:4:45.826366 24.48.104.144:6699 -> 192.117.90.128:1577
TCP TTL:11 TOS:0x0 ID:35437 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x5FC28E Ack: 0x5A8547D Win: 0x3ED0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:50.812796 212.58.240.61:57905 -> 192.117.91.59:6970
UDP TTL:236 TOS:0x0 ID:39733 IpLen:20 DgmLen:418 DF
Len: 398
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:10:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:12:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-1:5:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
#!/usr/bin/perl -w
use strict;
$/ = "";
my %hash;
my $runningTime =0;
my $total;
while ( <> ) {
next unless (split)[4] eq 'TCP';
# my $date = $1 if /^\d+\/(\d+)-/;
# first day should set date
# date is in 10/15 format jjust check day
# must get date and check if this is a new day
# if it is then reset the hash to empty
# need to do this because must dump file
# starts approx 1 minute prior to newday to 1
# minute after
#%hash = (); # empty hash ssince new day
my $hours = $1 if /-(\d+):\d+:\d+/;
my $minutes = $1 if /-\d+:(\d+):\d+/;
if ($hours != 0) { # don't want to mult by 0
$total = ( $hours *= 3600 ) + ( $minutes * 60);
} else {
$total = $minutes * 60;
}
my $len = $1 if /DgmLen:(\d+)/;
if ($total >= ($runningTime + 300 ) ) {
#want to add a new timespot and then add traffic to it
$runningTime += 300; #next 5 minute block
$hash{$runningTime}{'length'} += $len;
$hash{$runningTime}{'hits'} ++;
}else{
#just need to add to total
$hash{$runningTime}{'length'} += $len;
$hash{$runningTime}{'hits'}++;
}
print "date: $date\n";
print "total: $total\n";
print "runningTime: $runningTime\n"
}
for (sort { $a <=> $b } keys %hash) {
print "$_ $hash{$_}{'hits'} $hash{$_}{'length'}\n";
}
__DATA__
10/15-0:4:39.788943 64.229.130.126:6699 -> 192.117.91.98:1395
TCP TTL:120 TOS:0x0 ID:2936 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x6AA4F9 Ack: 0x1DAEF3DB Win: 0x2124 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:4:40.812796 212.58.240.61:57905 -> 192.117.91.59:6970
UDP TTL:236 TOS:0x0 ID:39733 IpLen:20 DgmLen:318 DF
Len: 298
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:4:45.826366 24.48.104.144:6699 -> 192.117.90.128:1577
TCP TTL:11 TOS:0x0 ID:35437 IpLen:20 DgmLen:40 DF
***A**** Seq: 0x5FC28E Ack: 0x5A8547D Win: 0x3ED0 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:50.812796 212.58.240.61:57905 -> 192.117.91.59:6970
UDP TTL:236 TOS:0x0 ID:39733 IpLen:20 DgmLen:418 DF
Len: 398
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:5:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:10:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-0:12:39.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1500 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
10/15-1:5:40.887449 24.22.243.72:6699 -> 192.117.89.212:1608
TCP TTL:114 TOS:0x0 ID:59166 IpLen:20 DgmLen:1100 DF
***AP*** Seq: 0x2A085633 Ack: 0xBEEE29B0 Win: 0x4432 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
