

You could retrieve a PCAP file on your computer, open it in Wireshark and play with statistics, or index packet metadata in some database in order to be able to aggregate counters, … but in most cases this may be overkill. What you want is a quick tool you can run directly from your Linux-based network probe, something simple and stupid.

Here is a script, tcpdump-stats, to sum the amount of IP traffic by srcip.srcport > dstip.dstport keys and to print the top n keys.

    Print traffic statistics from PCAP file(s).

      -a, -all          Overall stats instead of per PCAP file stats.
      -t, -top=NUMBER   Top n connections, default 10.
      -u, -unsupported  Print unsupported tcpdump output to stderr.

xz, …) as long as the corresponding cat-like tools (ex: zcat, xzcat, …) are available in $PATH.

It is possible to pass tcpdump arguments, which allows filtering packets in the PCAP files. In order to do that, tcpdump arguments must be separated from script arguments with the - marker. Here is a usage example and the corresponding output:

    blackbird:~$ tcpdump-stats -a -t 20 /data/capture/20200629-08/wan.pcap* - not net 188.0.0.0/24
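The aggregation described above, sketched in Python as an added example (this is not the tcpdump-stats script itself): it sums the length tcpdump prints for each srcip.srcport > dstip.dstport key and returns the top n, collecting lines it cannot parse the way the unsupported option reports them. The sample lines are constructed and assumed to resemble tcpdump -nn -q output; top_flows, LINE and SAMPLE are illustrative names.

```python
import re
from collections import Counter

# Constructed sample lines, assumed to resemble `tcpdump -nn -q -r FILE` output.
SAMPLE = """\
08:00:01.000001 IP 192.0.2.10.51514 > 198.51.100.7.443: tcp 1448
08:00:01.000350 IP 198.51.100.7.443 > 192.0.2.10.51514: tcp 0
08:00:01.002000 IP 192.0.2.10.51514 > 198.51.100.7.443: tcp 552
08:00:02.100000 IP 192.0.2.22.40000 > 203.0.113.53.53: UDP, length 48
08:00:02.130000 IP 203.0.113.53.53 > 192.0.2.22.40000: UDP, length 312
08:00:03.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
08:00:04.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
"""

# IPv4 only: four octets plus a port on each side, then a trailing length.
# Lines without ports (ICMP) or without an IP header (ARP) do not match.
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3}\.\d+) > (?P<dst>\d+(?:\.\d+){3}\.\d+): "
    r".*?(?:length |tcp )(?P<len>\d+)$"
)


def top_flows(lines, top=10):
    """Return ([(key, total_bytes), ...], [unsupported lines])."""
    totals = Counter()
    unsupported = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m:
            # Each direction of a connection is its own key.
            totals[f"{m['src']} > {m['dst']}"] += int(m["len"])
        else:
            unsupported.append(line)
    return totals.most_common(top), unsupported


if __name__ == "__main__":
    flows, skipped = top_flows(SAMPLE.splitlines(), top=10)
    for key, size in flows:
        print(f"{size:>10}  {key}")
    print(f"{len(skipped)} unsupported line(s)")
```
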
