Parsing TCPDUMP output

Published 2019-09-08 09:10

I'm trying to parse my tcpdump command output to print "ok" if a specific server sends data back within a given number of seconds (or nanoseconds). Example:

11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13

As you can see, it first outputs the row where I'm sending data, then the server I sent data to responds. Now I want it so that if the server I sent data to doesn't respond within a set amount of seconds, I do nothing, but if it does, I print "ok".

Sometimes the data will look like this:

11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13

And the IPs will respond at different times; how could I still parse this?

1 answer
成全新的幸福
Post 2 · 2019-09-08 09:57

With the information from your other question, Parsing TCPDUMP output, and since you asked about parsing the file, there are several ways it can be done. I have generated a simple script to read in the data and get it into a hash. I'm going with the data from your other posting as the input you want to parse. It does not do data validation and expects all lines in the file to be the same format.

# Checking for errors (good practice to always use)
use strict;
use warnings;

# Open the file (first argument on the command line), read-only
open my $input, '<', $ARGV[0] or die "Unable to open file: $ARGV[0]: $!";

# Hash/mapping by machine for the time
my %machine2time;

# Read a line from the file; the loop ends when no more lines can be read
while ( my $line = <$input> )
{
  chomp $line;
  next if $line =~ /^\s*$/;   # skip blank lines

  # Parse the line based on whitespace: first element is time (index 0),
  # the second is IP (index 1)
  my @parsedLineSpace = split /\s+/, $line;

  # If the IP exists in the hash/mapping, then the delta time needs to be
  # computed as there is a response
  if ( exists $machine2time{$parsedLineSpace[1]} )
  {
    # Get the times which are needed to compute the difference
    # and place them in scalar/variables
    my $firstTime = $machine2time{$parsedLineSpace[1]};
    my $responseTime = $parsedLineSpace[0];

    # Compute the time difference (exercise for the user):
    # use split to break the time into its individual components
    # (make sure you use a \ to escape the . in the split pattern)
    # and check for boundary conditions

    # Remove the item from the hash/mapping as it is no longer needed;
    # any items left in the hash at the end are the ones which did not
    # get a response
    delete $machine2time{$parsedLineSpace[1]};
  }
  # else this is the first occurrence (or there was no response), so
  # save the time for use later
  else
  {
    $machine2time{$parsedLineSpace[1]} = $parsedLineSpace[0];
  }
}
close $input;

# Print out any machines which did not have a matched response
print "\nIPs which did not get a response\n";
# For each key in the hash/mapping (sorted) print out the key, which
# is the IP
foreach my $machine ( sort keys %machine2time )
{
  print "$machine\n";
}

Hopefully this will get you started on your effort.
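A worked version of the request/response matching the question asks for, added here as an example and not part of the original question or answer: it keys each request by its client and server endpoints, treats repeated requests sent before any reply as retransmissions timed from the first one, and reports whether the reply arrived within the allowed delay. The addresses in SAMPLE are constructed documentation-range values, and the server address and the 0.5 s threshold are assumptions.

```python
import re
from datetime import datetime

# Default tcpdump line: "HH:MM:SS.micros IP host.port > host.port: proto, ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): "
)

def parse_line(line):
    """Return (timestamp, (src_host, src_port), (dst_host, dst_port)) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed or unrelated line: skip it rather than crash
    ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
    return ts, (m["src"], m["sport"]), (m["dst"], m["dport"])

def check_responses(lines, server, max_delay):
    """Pair each request to `server` with its reply; return (status, delay)
    per request: "ok" within max_delay, "late" otherwise, "no response"
    (delay None) when no reply ever came. Retransmits count once."""
    pending = {}  # (client_endpoint, server_endpoint) -> time of first request
    results = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, dst = parsed
        if dst[0] == server:                      # request towards the server
            pending.setdefault((src, dst), ts)    # keep the first of a burst
        elif src[0] == server and (dst, src) in pending:   # matching reply
            delay = (ts - pending.pop((dst, src))).total_seconds()
            if delay < 0:                         # capture ran across midnight
                delay += 86400
            results.append(("ok" if delay <= max_delay else "late", delay))
    results.extend(("no response", None) for _ in pending)
    return results

# Constructed sample in the question's shape (documentation IPs, not real hosts)
SAMPLE = """\
11:45:41.198150 IP 192.0.2.10.662 > 198.51.100.20.161: UDP, length 37
11:45:41.315699 IP 198.51.100.20.161 > 192.0.2.10.662: UDP, length 13
11:45:42.198845 IP 192.0.2.10.662 > 198.51.100.20.161: UDP, length 37
11:45:42.198845 IP 192.0.2.10.662 > 198.51.100.20.161: UDP, length 37
11:45:42.316745 IP 198.51.100.20.161 > 192.0.2.10.662: UDP, length 13
11:45:43.000000 IP 192.0.2.10.662 > 198.51.100.20.161: UDP, length 37
""".splitlines()

if __name__ == "__main__":
    for status, delay in check_responses(SAMPLE, "198.51.100.20", 0.5):
        print(status, delay)
```

To run it on a live capture, pipe `tcpdump -l -n` into the script and feed `sys.stdin` to `check_responses` instead of SAMPLE.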
