Post 302566125 by lazerz on Wednesday 19th of October 2011 01:59:04 PM
Old 10-19-2011
tcpdump script to parse "packets captured" details

I want a script that would do the following:

a) give me a packet capture count for each time it runs.
b) be able to run at a particular time for a specific time duration (1 min).
c) for each time it runs, save the time / day.

Is there a way I can capture the details as seen in the screenshot below, where it says "packets captured"?

Image

I would appreciate it if I can get help with this. So far, in what I tried, I'm able to get packet information (raw), like in raw dump format. I'm particularly interested in knowing its count.

Thank you
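
One way to get what the post asks for, as an added example that is not part of the original thread: run tcpdump for a fixed time, read the counters it prints on stderr at exit, and append them to a log with the start time. It assumes GNU `timeout` is installed and the script has capture privileges; the function names, log format and the cron path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): log tcpdump's exit counters per run.
# Hypothetical cron entry, one 60-second capture daily at 14:30:
#   30 14 * * * /usr/local/bin/pktcount.sh eth0 60 /var/log/pktcount.log

# Read tcpdump's stderr text on stdin; print "captured received dropped".
# Matches both "1 packet captured" and "N packets captured".
parse_tcpdump_summary() {
    awk '
        / packets? captured$/           { c = $1 }
        / packets? received by filter$/ { r = $1 }
        / packets? dropped by kernel$/  { d = $1 }
        END {
            if (c == "") exit 1   # no summary line: tcpdump never started
            printf "%s %s %s\n", c, (r == "" ? "-" : r), (d == "" ? "-" : d)
        }'
}

# Capture on interface $1 for $2 seconds and append one line to log file $3.
capture_once() {
    iface=$1 secs=$2 log=$3
    started=$(date '+%Y-%m-%d %H:%M:%S')
    # -w /dev/null discards the packet data; only the counters are needed.
    # timeout sends SIGTERM, and tcpdump prints its summary before exiting.
    summary=$(timeout "$secs" tcpdump -i "$iface" -n -w /dev/null 2>&1)
    counts=$(printf '%s\n' "$summary" | parse_tcpdump_summary) || {
        # Keep the error text so a bad interface or missing privilege is visible.
        printf '%s %s ERROR %s\n' "$started" "$iface" "$summary" >> "$log"
        return 1
    }
    printf '%s %s %s\n' "$started" "$iface" "$counts" >> "$log"
}

if [ "$#" -eq 3 ]; then
    capture_once "$@"
else
    # No arguments: run the parser on a constructed sample summary.
    printf '%s\n' '1234 packets captured' '1250 packets received by filter' \
        '16 packets dropped by kernel' | parse_tcpdump_summary
fi
```

Each successful log line has the form `date time interface captured received dropped`; a non-zero third counter means the kernel dropped packets and the captured count undercounts the traffic.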
 

PCAP-TSTAMP(7)            Miscellaneous Information Manual            PCAP-TSTAMP(7)

NAME
       pcap-tstamp - packet time stamps in libpcap

DESCRIPTION
       When capturing traffic, each packet is given a time stamp representing, for incoming packets, the arrival time of the packet and, for outgoing packets, the transmission time of the packet. This time is an approximation of the arrival or transmission time. If it is supplied by the operating system running on the host on which the capture is being done, there are several reasons why it might not precisely represent the arrival or transmission time:

              if the time stamp is applied to the packet when the networking stack receives the packet, the networking stack might not see the packet until an interrupt is delivered for the packet or a timer event causes the networking device driver to poll for packets, and the time stamp might not be applied until the packet has had some processing done by other code in the networking stack, so there might be a significant delay between the time when the last bit of the packet is received by the capture device and when the networking stack time-stamps the packet;

              the timer used to generate the time stamps might have low resolution, for example, it might be a timer updated once per host operating system timer tick, with the host operating system timer ticking once every few milliseconds;

              a high-resolution timer might use a counter that runs at a rate dependent on the processor clock speed, and that clock speed might be adjusted upwards or downwards over time and the timer might not be able to compensate for all those adjustments;

              the host operating system's clock might be adjusted over time to match a time standard to which the host is being synchronized, which might be done by temporarily slowing down or speeding up the clock or by making a single adjustment;

              different CPU cores on a multi-core or multi-processor system might be running at different speeds, or might not have time counters all synchronized, so packets time-stamped by different cores might not have consistent time stamps.

       In addition, packets time-stamped by different cores might be time-stamped in one order and added to the queue of packets for libpcap to read in another order, so time stamps might not be monotonically increasing.

       Some capture devices on some platforms can provide time stamps for packets; those time stamps are usually high-resolution time stamps, and are usually applied to the packet when the first or last bit of the packet arrives, and are thus more accurate than time stamps provided by the host operating system. Those time stamps might not, however, be synchronized with the host operating system's clock, so that, for example, the time stamp of a packet might not correspond to the time stamp of an event on the host triggered by the arrival of that packet.

       Depending on the capture device and the software on the host, libpcap might allow different types of time stamp to be used. The pcap_list_tstamp_types(3PCAP) routine provides, for a packet capture handle created by pcap_create(3PCAP) but not yet activated by pcap_activate(3PCAP), a list of time stamp types supported by the capture device for that handle. The list might be empty, in which case no choice of time stamp type is offered for that capture device. If the list is not empty, the pcap_set_tstamp_type(3PCAP) routine can be used after a pcap_create() call and before a pcap_activate() call to specify the type of time stamp to be used on the device. The time stamp types are listed here; the first value is the #define to use in code, the second value is the value returned by pcap_tstamp_type_val_to_name() and accepted by pcap_tstamp_name_to_val().

       PCAP_TSTAMP_HOST - host
              Time stamp provided by the host on which the capture is being done. The precision of this time stamp is unspecified; it might or might not be synchronized with the host operating system's clock.

       PCAP_TSTAMP_HOST_LOWPREC - host_lowprec
              Time stamp provided by the host on which the capture is being done. This is a low-precision time stamp, synchronized with the host operating system's clock.

       PCAP_TSTAMP_HOST_HIPREC - host_hiprec
              Time stamp provided by the host on which the capture is being done. This is a high-precision time stamp; it might or might not be synchronized with the host operating system's clock. It might be more expensive to fetch than PCAP_TSTAMP_HOST_LOWPREC.

       PCAP_TSTAMP_ADAPTER - adapter
              Time stamp provided by the network adapter on which the capture is being done. This is a high-precision time stamp, synchronized with the host operating system's clock.

       PCAP_TSTAMP_ADAPTER_UNSYNCED - adapter_unsynced
              Time stamp provided by the network adapter on which the capture is being done. This is a high-precision time stamp; it is not synchronized with the host operating system's clock.

SEE ALSO
       pcap_set_tstamp_type(3PCAP), pcap_list_tstamp_types(3PCAP), pcap_tstamp_type_val_to_name(3PCAP), pcap_tstamp_name_to_val(3PCAP)

                                  22 August 2010                      PCAP-TSTAMP(7)