April 26, 2019

Quick and dirty net sniffing

Analyse tcpdump output with a perl "one liner"

  • October 26, 1999
  • By James Andrews

Run (as root, since putting the interface into promiscuous mode requires it):

tcpdump -n -c 5000 > file1

The -n flag stops tcpdump resolving addresses to names; without it the reverse lookups add DNS traffic of their own to the very capture you are trying to read. tcpdump buffers its output when stdout is a file, so let it reach the 5000-packet count before you analyse file1.

and then analyse the output:

perl -n -e 'next unless /^\S/; @a = split /\s+/; $s{$a[1]}++;
END { @o = sort { $s{$b} <=> $s{$a} } keys %s;
for (@o[0..10]) { print "$s{$_} $_\n" if defined } }' file1

Each non-indented line of tcpdump output is one packet summary; indented lines are hex/ASCII dumps or continuations and carry no new packet, which is what the /^\S/ test skips. $a[1] is the second whitespace-separated field, which in the tcpdump output of the time is the source host and port (host.port), so %s ends up holding a packet count per source and the END block prints the busiest ones. Current tcpdump prints a protocol keyword (IP, IP6, ARP) in that position, so on a modern system change $a[1] to $a[2] to count sources again.

Do this repeatedly to see what is generating the traffic on your host's interface.

Here is the same thing as a short script:

#!/usr/bin/perl -w
# usage: perl this_script file1   (or pipe tcpdump output straight in)
use strict;
my %s;
while (<>) {
    next unless /^\S/;                 # skip indented continuation/hex-dump lines
    $s{ (split /\s+/)[1] }++;          # field 1: source host.port in a tcpdump summary line
}
my @o = sort { $s{$b} <=> $s{$a} } keys %s;
for (@o[0..10]) { print "$s{$_} $_\n" if defined }
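
The same count in Python, as an added example that is not part of the original article: it recognises both the 1999-era summary line the article assumes (<ts> <src> > <dst>: ...) and the line current tcpdump prints on Ethernet (<ts> IP <src> > <dst>: ...), skips indented continuation lines the way the /^\S/ test does, strips the .port suffix so packets are counted per host rather than per socket, and can rank destinations as well as sources. The port-stripping heuristic assumes numeric output (tcpdump -nn); the capture lines embedded at the bottom are constructed for a stand-alone run, not a real capture.

```python
"""Top-talker count over tcpdump text output (added example, not the article's code).

Usage:  tcpdump -nn -c 5000 > file1 ; python3 this_script.py file1
        (or pipe tcpdump straight into it; -nn keeps hosts and ports numeric,
        which the port-stripping heuristic below assumes).
"""
import re
import sys
from collections import Counter

# One packet summary per non-indented line:
#   <timestamp> [IP|IP6] <src> > <dst>: <protocol details>
# The protocol keyword is absent in the 1999-era output the article shows and
# present in current tcpdump, so it is optional here.  Indented lines are
# hex/ASCII dumps or verbose continuations and carry no new packet.
SUMMARY = re.compile(
    r'^(?P<ts>\S+)\s+(?:(?P<proto>IP6?)\s+)?(?P<src>\S+)\s+>\s+(?P<dst>\S+):(?:\s|$)'
)


def parse_summary(line):
    """Return (src, dst) endpoints from one summary line, or None for indented
    continuation lines and for lines with no 'src > dst:' pair (ARP, STP, ...)."""
    if not line or line[0].isspace():          # the article's /^\S/ test
        return None
    m = SUMMARY.match(line)
    return (m.group('src'), m.group('dst')) if m else None


def host_of(endpoint):
    """Strip the '.port' tcpdump appends to an endpoint so packets are counted
    per host rather than per socket.  Heuristic for numeric (-nn) output."""
    head, sep, tail = endpoint.rpartition('.')
    if not sep or not tail.isdigit():
        return endpoint                        # no numeric suffix: no port attached
    if ':' in head or re.fullmatch(r'\d+(\.\d+){3}', head):
        return head                            # IPv6 literal or dotted quad + port
    if re.fullmatch(r'[\d.]+', endpoint):
        return endpoint                        # bare IPv4: the last label is an octet
    return head                                # hostname.port


def top_talkers(text, n=10, by='src'):
    """Packets per host for the chosen end ('src' or 'dst'), as (count, host)
    pairs in descending order: the article's sorted %s hash."""
    counts = Counter()
    for line in text.splitlines():
        ep = parse_summary(line)
        if ep is None:
            continue
        counts[host_of(ep[0] if by == 'src' else ep[1])] += 1
    return [(c, h) for h, c in counts.most_common(n)]


# Constructed capture lines for a stand-alone run (not from a real interface):
# modern "IP"/"IP6" summaries, a hex-dump continuation, an ARP line that has
# no src > dst pair, and one 1999-style line without the protocol keyword.
SAMPLE_LINES = [
    "12:00:01.000001 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [S], seq 1, win 64240, length 0",
    "12:00:01.000456 IP 203.0.113.10.80 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0",
    "12:00:01.001000 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [.], ack 1, win 502, length 0",
    "12:00:01.002000 IP 10.0.0.5.51234 > 203.0.113.10.80: Flags [P.], seq 1:100, ack 1, win 502, length 99",
    "\t0x0000:  4500 003c 1c46 4000 4006 b1e6 0a00 0005  E..<.F@.@.......",
    "12:00:02.000000 IP 10.0.0.7 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64",
    "12:00:02.000100 IP 10.0.0.5 > 10.0.0.7: ICMP echo reply, id 1, seq 1, length 64",
    "12:00:03.000000 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 solicit",
    "12:00:04.000000 ARP, Request who-has 10.0.0.1 tell 10.0.0.5, length 28",
    "23:59:59.000000 mailhost.1025 > smtp.example.org.25: S 100:100(0) win 16384 (DF)",
]
SAMPLE = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        text = open(sys.argv[1]).read()
    elif not sys.stdin.isatty():
        text = sys.stdin.read()
    else:
        text = SAMPLE                          # no input given: run on the constructed lines
    for end in ("src", "dst"):
        print(f"top {end} hosts:")
        for count, host in top_talkers(text, by=end):
            print(f"  {count:6d} {host}")
```

Counting destinations as well as sources matters for the "what is generating the traffic" question: a host that is being scanned or flooded shows up at the top of the destination list while the source list is spread across many addresses.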

If you want something more sophisticated, with full protocol decoding rather than a count of summary lines, then the Ethereal package (renamed Wireshark in 2006) is worth a look.
