Quick and dirty net sniffing

Analyse tcpdump output with a perl "one liner"

October 26, 1999
By James Andrews

run tcpdump -c 5000 >file1

and then analyse the output:
perl -n -e 'next unless(/^\S/ ); @a=split(/\s/); $s{$a[1]}++; END {@o=sort { $s {$b} <=> $s{$a} }keys %s; for (@o[0..10]) { print ``$s{$_} $_\n''}}' file1

Do this repeatedly to see what is generating the traffic on your host's interface.

Here is the same thing as a short script:


#!/usr/bin/perl -w 

while(<>)

  { next unless(/^\S/);

    @a=split(/\s/);

    $s{$a[1]}++; 

  } 

  @o=sort { $s{$b} <=> $s{$a} }keys %s; 

for (@o[0..10]) { 

  print ``$s{$_} $_\n'';

                     }

If you want something more sophisticated then the Ethereal package is worth a look.

Solid State Drives: The Future of Data Storage?

Solid state disks (SSDs) made a splash in consumer technology, and now the technology has its eyes on the enterprise storage market. Download this eBook to see what SSDs can do for your infrastructure and review the pros and cons of this potentially game-changing storage technology.

Quick and dirty net sniffing

Analyse tcpdump output with a perl "one liner"

Most Popular LinuxPlanet Stories