I have a standard pcap file created using tcpdump. The file looks like
Since each entry in the file represents a packet, I have to calculate the number of packets and IP addresses in each 10-second interval.
So the output file should look something like this:
and so on till end of the file.
The last entry in the output file can have the first column value (i.e. time) to be less than 10 seconds.
Since the pcap file is quite big (~500-600 MB), I am looking for a solution in sed/awk.
Any help will be highly appreciated.
Thanks!!
Last edited by Franklin52; 11-14-2010 at 10:48 AM..
Reason: Please use code tags
The first one works better. Don't know why, but the second one makes some error in counting the packets, though the IP count is the same.
Can this be extended to print only the IP addresses which are new in each interval by comparing it with the previous interval? I mean, for example, the second interval (10-20 sec) had 30 IPs and the third interval (20-30) had 50 IPs, but out of these 50, 10 are common (i.e. also present in the second interval). So the output file has one more column which prints out the new IPs, i.e. 40 in this case.
The output file looks like this
#Time Packets IPs New IPs
The first interval (0-10) will have the same values for column 3 (IPs) and column 4 (New IPs).
This is what I understood your requirement was (each line displays a count of IPs used in the current interval and a count of new IPs introduced, i.e. not seen in the file up to this point).
The array GIP (Global IP) contains each IP seen in the file so far. Each time an IP not in this array is seen, it's added to this array and the new counter is incremented.
Perhaps this is wrong; when I re-read your post it appears you only want those IPs not seen in the previous interval (as opposed to the whole file). Is this correct?
For Interval, Count, New should we get
or
Yes, I want to have a count of IPs in the current interval (which should be user controlled) and a count of new IPs in that same interval when compared to the previous interval, not the whole file.
So the output should be the second one which you posted, i.e.
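Added example (not code from any poster in this thread) of the per-interval count the thread settles on: packets, distinct IPs, and IPs new relative to the previous interval, with the interval length as a user argument. It assumes the dump is the text output of `tcpdump -tt -n -r file.pcap`, so that field 1 is an epoch timestamp and field 3 is the source address with a trailing `.port`; it counts source IPs only, anchors the first interval at the first packet's timestamp, and prints the interval's duration in the first column so the last partial interval shows a value below the interval length, as the original post asks. The sample input is constructed, not a real capture.

```shell
#!/bin/sh
# Per-interval packet / distinct-source-IP / new-source-IP counts from
# text tcpdump output. Added example; assumes "tcpdump -tt -n" format.

# usage: interval_stats DUMPFILE INTERVAL_SECONDS
interval_stats() {
  awk -v iv="$2" '
    BEGIN { print "#Time Packets IPs NewIPs" }
    # Print the row for the interval starting at base and make the IPs
    # seen in it the "previous" set for the next interval.
    function flush(span,   ip, newc) {
      newc = 0
      for (ip in cur) if (!(ip in prev)) newc++
      printf "%s %d %d %d\n", span, pkts, nips, newc
      split("", prev)                    # portable way to empty an array
      for (ip in cur) prev[ip] = 1
      split("", cur)
      pkts = 0; nips = 0
    }
    $2 == "IP" {                         # skip ARP, IP6 and other non-IPv4 lines
      t = $1 + 0
      if (!started) { base = t; started = 1 }
      # close every full interval that ends before t, including empty ones
      while (t >= base + iv) { flush(iv); base += iv }
      ip = $3; sub(/\.[0-9]+$/, "", ip)  # drop the .port suffix from the source
      pkts++
      if (!(ip in cur)) { cur[ip] = 1; nips++ }
      last = t
    }
    # the final interval may be shorter than iv: report its real span
    END { if (started) flush(sprintf("%.1f", last - base)) }
  ' "$1"
}

# Constructed sample in tcpdump -tt -n format (not real capture data):
# three packets in 0-10 s, three in 10-20 s plus an ARP line that is
# skipped, nothing in 20-30 s, and two packets in a final partial interval.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
1289700000.000000 IP 10.0.0.1.40000 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700003.250000 IP 10.0.0.2.40001 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700008.000000 IP 10.0.0.1.40002 > 192.0.2.10.443: Flags [S], seq 1, win 512, length 0
1289700011.000000 IP 10.0.0.2.40003 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700012.000000 ARP, Request who-has 10.0.0.254 tell 10.0.0.3, length 28
1289700015.500000 IP 10.0.0.3.40004 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700019.999000 IP 10.0.0.3.40005 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700031.000000 IP 10.0.0.2.40006 > 192.0.2.10.80: Flags [S], seq 1, win 512, length 0
1289700034.000000 IP 10.0.0.9.1234 > 192.0.2.10.22: Flags [S], seq 1, win 512, length 0
EOF

interval_stats "$SAMPLE" 10
```

On the sample this prints `10 3 2 2`, `10 3 2 1`, `10 0 0 0` and `4.0 2 2 2` under the header. Note the third row: an interval with no packets still produces a row, and because the "previous interval" was empty, every IP in the fourth interval counts as new. If you would rather compare against the last non-empty interval, skip the `prev` reset in `flush` when `nips` is zero.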