Originally Published: Tuesday, 26 October 1999 Author: James Andrews
Published to: news_learn_support/Support News Page: 1/1 - [Std View]

Linuxplanet adds "Today's Tip" Section

Linuxplanet now has a Tips section, which is updated daily

Here is one of the Tips

Analyse tcpdump output with a perl "one liner"

run tcpdump -c 5000 >file1

and then analyse the output

perl -n -e 'next unless(/^\S/ ); @a=split(/\s/);$s{$a[1]}++; END {@o=sort { $s {$b} <=> $s{$a} }keys %s; for(@o[0..10]) { print ``$s{$_} $_\n''}}' file1

Do this repeatedly to see what is generating the traffic on your hosts interface

Here is the same thing as a short script

#!/usr/bin/perl -w while(<>) { next unless(/^\S/); @a=split(/\s/); $s{$a[1]}++; } @o=sort { $s{$b} <=> $s{$a} }keys %s; for (@o[0..10]) { print ``$s{$_} $_\n''; }

If you want something more sophisticated then the Ethereal package is worth a look