Full Discussion: Sampling pcap file
Post 302471056 by Chubler_XL on Friday 12th of November 2010 12:11:15 AM
Not sure if the 2nd IP (71.126.222.64) should be counted too, but here it is:

Code:
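awk -F"[:, ]" '
{
    # Seconds since a fixed date, so that times can be compared (mktime needs gawk)
    now = mktime("2000 1 1 "$1" "$2" "$3);
    # First line: print the header and set the end of the first 10-second window
    if (NR==1) printf("#Time Packets IPs\n", to=now+10);
    else {
        if (now >= to) {
            # Window closed: print its end time, packet count and unique IP count
            printf("%d %d %d\n", count+=10, found, length(IPs));
            # Print a zero row for every empty window before the current line
            while((to+10) <= now) printf("%d 0 0\n", count+=10, to+=10);
            delete IPs;
            found=0;
            to+=10;
        }
    }
    found++;
    IPs[$5]++;
}
END { printf("%d %d %d\n", count + 10 - to + now, found, length(IPs)); } ' logfile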

---------- Post updated at 03:11 PM ---------- Previous update was at 12:49 PM ----------

Times past midnight or more than 1 day's worth of logs?

If time is less than a time before, assume we are in the next day and add 24 hours; also now calculates times without using mktime:

Code:
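awk -F"[:, ]" '
{
    # Seconds since midnight, computed without mktime
    new = $1*3600 + $2*60 + $3;
    # A time earlier than the previous one means a new day: add 24 hours
    while(new < now) new += 3600*24;
    now = new;
    # First line: print the header and set the end of the first 10-second window
    if (NR==1) printf("#Time Packets IPs\n", to=now+10);
    else {
        if (now >= to) {
            # Window closed: print its end time, packet count and unique IP count
            printf("%d %d %d\n", count+=10, found, length(IPs));
            # Print a zero row for every empty window before the current line
            while((to+10) <= now) printf("%d 0 0\n", count+=10, to+=10);
            delete IPs;
            found=0;
            to+=10;
        }
    }
    found++;
    IPs[$5]++;
}
END { printf("%d %d %d\n", count + 10 - to + now, found, length(IPs)); } ' infile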


Last edited by Chubler_XL; 11-12-2010 at 01:18 AM.. Reason: Updated to include zero readings for missing lines
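
The same windowing as an added example (not part of Chubler_XL's post): a POSIX awk version that assigns each packet to a window by index, takes the window length as a parameter, and handles the midnight rollover and empty windows without gawk extensions. The `sample_windows` function name, the `HH:MM:SS, IP` line format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# sample_windows [WINDOW_SECONDS] < log
# Assumed input: one packet per line, "HH:MM:SS, <IP>", in time order.
# Output: window end (seconds after the first packet), packets, unique IPs.
sample_windows() {
    awk -F'[:, ]' -v w="${1:-10}" '
    function flush(upto) {
        # Close windows until the current one is "upto"; windows that
        # received no packets are printed as zero rows.
        while (win < upto) {
            printf("%d %d %d\n", (win + 1) * w, pkts, uniq)
            pkts = 0; uniq = 0
            split("", seen)          # portable way to empty an array
            win++
        }
    }
    {
        # Seconds since midnight plus the days rolled over so far
        t = $1 * 3600 + $2 * 60 + $3 + day * 86400
        # A clock that goes backwards means the log crossed midnight
        if (NR > 1 && t < last) { day++; t += 86400 }
        if (NR == 1) { t0 = t; win = 0; print "#Time Packets IPs" }
        last = t
        # Window index of this packet; a packet exactly on a boundary
        # belongs to the window that starts there.
        flush(int((t - t0) / w))
        pkts++
        if (!($5 in seen)) { seen[$5] = 1; uniq++ }
    }
    END { if (NR) flush(win + 1) }   # final, possibly partial, window
    '
}

# Constructed sample: crosses midnight and leaves two empty windows.
sample_windows 10 <<'EOF'
23:59:50, 10.0.0.1
23:59:52, 10.0.0.2
23:59:52, 10.0.0.1
00:00:25, 10.0.0.3
00:00:29, 10.0.0.3
EOF
```

Unlike the END line in the post, the last row here is labelled with the end of its window, so a short final window is not distinguishable from a full one by its label.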
 
