IP Networking: Learn TCP/IP, Internet Protocol, Routing, Routers, Network protocols in this UNIX and Linux forum.
Unix Scripts & Counting TCP Connections
Here's a question I received on a test recently. I'm new to Linux/Unix so if this is easy, don't kill me. What scripting or tools could you use to count and sort the number of connections from each internal host? I'd appreciate any feedback and resources.
"The Cisco PIX firewall provides information in this form about network connections going through it:

TCP out 64.233.161.99:80 in 192.168.18.52:46778 idle 0:00:00 Bytes 1657961 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.34:52859 idle 0:06:34 Bytes 1026 flags UFRIO
TCP out 64.233.161.104:80 in 192.168.18.19:54409 idle 0:00:02 Bytes 498219 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.22:52154 idle 0:00:01 Bytes 1000 flags UFRIO
TCP out 64.233.161.99:80 in 192.168.18.49:40441 idle 0:00:05 Bytes 60293 flags UIO
TCP out 64.233.161.147:80 in 192.168.18.49:41745 idle 0:00:05 Bytes 1557863 flags UIO

The first IP address is the host outside the firewall in the connection and the second is the host inside the firewall. Let's say I wanted to easily count the number of connections that each inside host has open and sort them from most to least. How can I do that using shell scripting, Perl scripts, and/or basic Unix tools?"
Perl will be better for this
As per my experience such logs are very bulky. Thus using ShellScript will be very slow and it will definitely consume much higher CPU as well.
You can start with some good Perl beginner book. It is very easy, as the syntax is in between C and shell scripting. Learning Perl has a lot of advantages for a UNIX user as well :-). I'd suggest the following books:
Effective Perl Programming: Writing Better Programs With Perl by Joseph N. Hall, Randal Schwartz
Learning Perl, Third Edition by Randal L. Schwartz, Tom Phoenix
Go and buy from Amazon 2nd hand book sellers. Each will cost you less than 10$. Just 20$ expenses against a prestigious Perl programmer ;-)
Hope you can do this in a shell script.
I think UIO is outside connections and UFRIO is for internal connections according to your output. So grep for UFRIO and sort the output according to time, then achieve the required thing. If you have the exact file content let me know and give me the outputs you needed exactly. I will try a shell script.
If you have Python, here's an alternative. Assuming sample input is:
Code:
TCP out 64.233.161.99:80 in 192.168.18.52:46778 idle 0:00:00 Bytes 1657961 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.34:52859 idle 0:06:34 Bytes 1026 flags UFRIO
TCP out 64.233.161.104:80 in 192.168.18.19:54409 idle 0:00:02 Bytes 498219 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.22:52154 idle 0:00:01 Bytes 1000 flags UFRIO
TCP out 64.233.161.99:80 in 192.168.18.49:40441 idle 0:00:05 Bytes 60293 flags UIO
TCP out 64.233.161.147:80 in 192.168.18.49:41745 idle 0:00:05 Bytes 1557863 flags UIO
Code:
#!/usr/bin/env python3
outside = {}  # store outside IP address counts
inside = {}   # store inside IP address counts
for line in open("cisco.log"):
    line = line.split()
    if len(line) < 5:                # skip blank or truncated lines
        continue
    out = line[2].split(":")[0]      # get out IP address, stripping the port number
    ins = line[4].split(":")[0]      # get inside IP address, stripping the port number
    if out not in outside:           # if IP address hasn't been seen
        outside[out] = 1             # initial count to 1
    else:
        outside[out] = outside[out] + 1  # add count
    if ins not in inside:
        inside[ins] = 1
    else:
        inside[ins] = inside[ins] + 1    # add count
print("Printing count of outside IPs ....")
for i, k in outside.items():
    print("IP: %s , count: %d" % (i, k))
print("Printing count of inside IPs....")
for i, k in inside.items():
    print("IP: %s , count: %d" % (i, k))
output:
Code:
Printing count of outside IPs....
IP : 64.233.161.99 , count: 2
IP : 64.233.161.147 , count: 1
IP : 209.104.39.15 , count: 2
IP : 64.233.161.104 , count: 1
Printing count of inside IPs....
IP: 192.168.18.52 , count: 1
IP: 192.168.18.34 , count: 1
IP: 192.168.18.49 , count: 2
IP: 192.168.18.22 , count: 1
IP: 192.168.18.19 , count: 1
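
Added example, not part of any post in this thread: a Python 3 take on the original question that counts connections per inside host, orders them from most to least, totals the byte counters, and skips lines that do not parse instead of crashing. The regex assumes only the field layout quoted in the question; the summary line and the truncated entry in the sample are constructed to exercise the skip path.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed input: the six connection lines quoted in the question, plus a
# made-up summary line and a truncated entry to exercise the error path.
SAMPLE = """\
6 in use, 12 most used
TCP out 64.233.161.99:80 in 192.168.18.52:46778 idle 0:00:00 Bytes 1657961 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.34:52859 idle 0:06:34 Bytes 1026 flags UFRIO
TCP out 64.233.161.104:80 in 192.168.18.19:54409 idle 0:00:02 Bytes 498219 flags UIO
TCP out 209.104.39.15:80 in 192.168.18.22:52154 idle 0:00:01 Bytes 1000 flags UFRIO
TCP out 64.233.161.99:80 in 192.168.18.49:40441 idle 0:00:05 Bytes 60293 flags UIO
TCP out 64.233.161.147:80 in 192.168.18.49:41745 idle 0:00:05 Bytes 1557863 flags UIO
TCP out 64.233.161.99:80 in 192.168.18
"""

# One connection entry, in the field order shown in the question.
CONN_RE = re.compile(
    r"^TCP\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)"
    r"\s+idle\s+\S+\s+Bytes\s+(?P<bytes>\d+)\s+flags\s+(?P<flags>\S+)\s*$"
)


def inside_host_report(text):
    """Return (rows, skipped): rows are (inside_ip, connections, total_bytes),
    ordered from most to fewest connections; skipped counts unparsable lines."""
    stats = defaultdict(lambda: [0, 0])   # ip -> [connections, bytes]
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = CONN_RE.match(line.strip())
        try:
            ip = ipaddress.ip_address(m.group("in_ip")) if m else None
        except ValueError:        # e.g. 999.1.1.1 passes the regex but is not an IP
            ip = None
        if ip is None:
            skipped += 1
            continue
        stats[ip][0] += 1
        stats[ip][1] += int(m.group("bytes"))
    # Most connections first; ties broken by numeric IP order for stable output.
    ordered = sorted(stats.items(), key=lambda kv: (-kv[1][0], kv[0]))
    return [(str(ip), n, b) for ip, (n, b) in ordered], skipped
```

Calling `inside_host_report(open("cisco.log").read())` gives the same report for a saved capture; a non-zero skipped count is worth checking before trusting the totals.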
Hi, I am nuts to C programming. I received this for my project...anyone...help?
This is what I received: write a simple TCP/IP server program in C language. The server program can listen at TCP 8080 and send out Hello World to any TCP client connected to the port 8080 (at client side use the command telnet IP address 8080). Please help....thanks...