Quick and dirty net sniffing
Analyse tcpdump output with a perl "one liner"

James Andrews
Tuesday, October 26, 1999 02:59:12 PM
Run
tcpdump -c 5000 >file1
and then analyse the output:
perl -n -e 'next unless(/^\S/); @a=split(/\s/); $s{$a[1]}++;
END {@o=sort { $s{$b} <=> $s{$a} } keys %s; for
(@o[0..10]) { print "$s{$_} $_\n"}}' file1
Do this repeatedly to see what is generating the traffic on your host's
interface.
Here is the same thing as a short script:
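#!/usr/bin/perl -w
# Count lines per value of the second whitespace-separated field.
while(<>)
{ next unless(/^\S/);   # skip continuation lines, which start with whitespace
@a=split(/\s/);
$s{$a[1]}++;
}
# Sort by count, highest first, and print the top entries.
@o=sort { $s{$b} <=> $s{$a} }keys %s;
for (@o[0..10]) {
next unless defined;    # fewer than 11 distinct values were seen
print "$s{$_} $_\n";
}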
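Current tcpdump releases print a protocol token (IP, IP6, ARP) after the timestamp, so the second field is no longer the sender. The following added example (not part of the original tip) tallies packets and reported length per source address for that format. It assumes plain "tcpdump -n" text output without -v, and the sample lines under __DATA__ are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the original tip): top sources by packets and bytes.
use strict;
use warnings;

# Reduce "addr.port" to the bare address; ICMP lines carry no port at all.
sub host_of {
    my ($ep) = @_;
    return $1 if $ep =~ /^(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?$/;    # IPv4
    return $1 if $ep =~ /^([0-9a-fA-F:]+)(?:\.\d+)?$/;         # IPv6
    return $ep;                       # resolved name or unknown form: keep as is
}

# Return (source host, length) for an IP/IP6 line, or an empty list otherwise.
sub parse_line {
    my ($line) = @_;
    return unless $line =~ /^[\d:.]+ IP6? (\S+) > \S+:/;
    my $src = host_of($1);
    my ($len) = $line =~ /\blength (\d+)/;   # absent on some decoded lines
    return ($src, $len // 0);
}

# Read the files named on the command line, or the constructed sample below.
my @lines = @ARGV ? <> : <DATA>;
my (%pkts, %bytes);
for my $line (@lines) {
    my ($src, $len) = parse_line($line) or next;
    $pkts{$src}++;
    $bytes{$src} += $len;
}

# Rank by bytes, then packets, then name so the order is stable.
my @top = sort { $bytes{$b} <=> $bytes{$a} || $pkts{$b} <=> $pkts{$a} || $a cmp $b }
          keys %pkts;
splice(@top, 10) if @top > 10;
printf "%-26s %8s %10s\n", 'source', 'packets', 'bytes';
printf "%-26s %8d %10d\n", $_, $pkts{$_}, $bytes{$_} for @top;

__DATA__
# constructed sample in `tcpdump -n` format (documentation address ranges)
12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [P.], seq 1:101, ack 1, win 502, length 100
12:00:00.000300 IP 198.51.100.7.443 > 192.0.2.10.51514: Flags [.], ack 101, win 509, length 0
12:00:00.010000 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [P.], seq 101:1501, ack 1, win 502, length 1400
12:00:00.020000 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
12:00:00.030000 IP6 2001:db8::1.443 > 2001:db8::2.51000: Flags [P.], seq 1:513, ack 1, win 500, length 512
12:00:00.040000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
```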
If you want something more sophisticated, then the Ethereal package is
worth a look.