| Originally published: Tuesday, 26 October 1999 | Author: James Andrews |
| Published to: news_learn_support/Support News |
Linuxplanet adds "Today's Tip" Section
Linuxplanet now has a Tips section, which is updated daily.
Here is one of the tips:
Analyse tcpdump output with a Perl "one-liner"
Run
    tcpdump -c 5000 >file1
and then analyse the output:
    perl -n -e 'next unless /^\S/; @a = split(/\s/); $s{$a[1]}++;
    END { @o = sort { $s{$b} <=> $s{$a} } keys %s; for (@o[0..10]) { print "$s{$_} $_\n" if defined } }' file1
Do this repeatedly to see what is generating the traffic on your host's interface.
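Here is the same thing as a short script:
    #!/usr/bin/perl -w
    # Count tcpdump lines per second whitespace-separated field
    # and print the most frequent values with their counts.
    while (<>) {
        next unless /^\S/;    # skip lines that start with whitespace
        @a = split(/\s/);
        $s{$a[1]}++;
    }
    @o = sort { $s{$b} <=> $s{$a} } keys %s;    # highest count first
    for (@o[0..10]) {
        print "$s{$_} $_\n" if defined;    # skip empty slots when fewer than 11 keys
    }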
If you want something more sophisticated, the Ethereal package is worth a look.
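As an added example (not part of the original tip), here is a Python version of the same count that takes the field before the first ">" as the source, so it also handles tcpdump output where a protocol token such as IP follows the timestamp. The sample lines, the function names and the port-stripping option (which assumes numeric IPv4 addresses as printed by tcpdump -n) are constructed for this illustration.

```python
import re
from collections import Counter

# Constructed sample covering both text layouts:
# "time IP src > dst: ..." and "time src > dst: ...".
SAMPLE = """\
12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [S], seq 1, length 0
12:00:00.000200 IP 198.51.100.7.443 > 192.0.2.10.51514: Flags [S.], seq 9, ack 2, length 0
12:00:00.000300 IP 192.0.2.10.51514 > 198.51.100.7.443: Flags [.], ack 10, length 0
12:00:00.000400 IP 192.0.2.10.51600 > 198.51.100.9.53: 4660+ A? example.org. (29)
\t0x0000:  4500 0034 0000 4000
12:00:00.000500 192.0.2.44.22 > 192.0.2.10.50022: P 1:49(48) ack 1 win 8760
12:00:00.000600 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
12:00:00.000700 IP 192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
"""

# Numeric IPv4 address followed by ".port" (five dot-separated numbers).
V4_WITH_PORT = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\.\d+$")

def source_of(line, strip_port=True):
    """Return the source field of one tcpdump text line, or None if there is none."""
    if not line or line[0].isspace():   # same filter as /^\S/ in the Perl version
        return None
    fields = line.split()
    if ">" not in fields or fields.index(">") < 2:
        return None                     # e.g. ARP lines have no "src > dst" pair
    src = fields[fields.index(">") - 1]
    if strip_port:
        m = V4_WITH_PORT.match(src)
        if m:
            src = m.group(1)            # fold all ports of one host together
    return src

def top_talkers(lines, n=11, strip_port=True):
    """Return up to n (source, packet_count) pairs, busiest first."""
    counts = Counter(
        s for s in (source_of(l, strip_port) for l in lines) if s is not None
    )
    return counts.most_common(n)

if __name__ == "__main__":
    for host, count in top_talkers(SAMPLE.splitlines()):
        print(count, host)
```

To run it on a real capture, pass the lines of file1 to top_talkers instead of SAMPLE; with strip_port=False it counts per host.port, as the Perl does.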