On Wed, Jun 22, 2011 at 2:27 AM, lancebaynes87 <lancebaynes87@xxxxxxxx> wrote:
> How can I generate from this INPUT in "general"
>
> INPUT (/proc/net/ip_conntrack)
>
> udp 17 0 src=192.168.1.128 dst=91.120.112.125 sport=29249
> dport=39802 packets=3 bytes=408 [UNREPLIED] src=91.120.112.125
> dst=79.132.235.112 sport=39802 dport=29249 packets=0 bytes=0 mark=0 use=2
> udp 17 146 src=192.168.1.128 dst=98.196.37.3 sport=56932
> dport=43645 packets=924 bytes=406167 src=98.196.37.3 dst=79.132.235.112
> sport=43645 dport=56932 packets=1042 bytes=546092 [ASSURED] mark=0 use=2
> tcp 6 118 SYN_SENT src=192.168.1.129 dst=89.132.51.110 sport=2518
> dport=47385 packets=2 bytes=104 [UNREPLIED] src=80.132.51.190
> dst=79.132.235.112 sport=47385 dport=2518 packets=0 bytes=0 mark=0 use=2
> udp 17 147 src=192.168.1.128 dst=98.196.37.7 sport=56937
> dport=43647 packets=924 bytes=406167 src=98.196.37.7 dst=80.132.235.117
> sport=43647 dport=56937 packets=1042 bytes=546092 [ASSURED] mark=0 use=2
> tcp 6 119 SYN_SENT src=192.168.1.129 dst=89.132.51.110 sport=2514
> dport=47384 packets=2 bytes=104 [UNREPLIED] src=80.132.51.194
> dst=80.132.235.114 sport=47384 dport=2514 packets=0 bytes=0 mark=0 use=2
> udp 17 163 src=192.168.1.1 dst=192.168.1.201 sport=67 dport=68
> packets=29 bytes=9512 src=192.168.1.201 dst=192.168.1.1 sport=68 dport=67
> packets=27 bytes=8856 [ASSURED] mark=0 use=2
> tcp 6 1 TIME_WAIT src=192.168.1.201 dst=67.201.31.15 sport=55479
> dport=80 packets=7 bytes=725 src=67.201.31.35 dst=79.132.235.112 sport=80
> dport=55479 packets=5 bytes=1963 [ASSURED] mark=0 use=2
>
> to this output?
>
> OUTPUT
>
> udp 192.168.1.128 3
> tcp 192.168.1.129 2
> udp 192.168.1.1 1
> tcp 192.168.1.201 1
>
> So that from the INPUT data the OUTPUT would be 3 columns:
>
> protocol src-ip-address count-connection-numbers
>
> So that the IP with the most number of connections would be at top.
>

#!/usr/bin/env perl
# count_connections.pl - count connections per ip in nf_conntrack
# or ip_conntrack (in /proc/net)
use strict;
use warnings;

my ($protocol, $address, %stat);

while (my $line = <>) {
    chomp $line;
    # The protocol name starts the line in ip_conntrack and follows the
    # "ipv4 2" prefix in nf_conntrack, so accept either position.
    # Only the first src= (the original direction) is captured.
    if (($protocol, $address) = $line =~ /(?:^|\s)(udp|tcp)\s+.*?\ src=(\d+\.\d+\.\d+\.\d+)\s/) {
        $stat{"$protocol:$address"}++;
    }
}

printf("%8s %-18s count-connection-numbers\n", 'protocol', 'src-ip-address');

# Highest connection count first
foreach my $key (sort {$stat{$b} <=> $stat{$a}} keys %stat) {
    ($protocol, $address) = split(/:/, $key);
    printf("%8s %-18s %6d\n", $protocol, $address, $stat{$key});
}

cat fedora_list_input.txt |./count_connections.pl
protocol src-ip-address     count-connection-numbers
     udp 192.168.1.128           3
     tcp 192.168.1.129           2
     tcp 192.168.1.201           1
     udp 192.168.1.1             1

It also works on /proc/net/nf_conntrack

cat /proc/net/nf_conntrack|./count_connections.pl
protocol src-ip-address     count-connection-numbers
     udp 192.168.1.77            4
     tcp 192.168.1.162           3
     udp 182.168.1.68            1

Mike