Displaying total connections to a certain IP address

Asked

Viewed 116 times

2

I have a network dump (PCAP file) containing attacks slowloris. The following script will show the number of connections to IP 192.168.1.2 on port 80:

/usr/sbin/tcpdump -anr myfile.pcap |
    sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' |
    sort |
    uniq -c

that shows:

  10 192.168.1.8.36684 >
   4 192.168.1.8.39619 >
   9 192.168.1.8.39856 >
   4 192.168.1.8.39896 >
   5 192.168.1.8.40195 >
  12 192.168.1.8.40196 >
   9 192.168.1.8.52288 >
   7 192.168.1.8.58529 >
   9 192.168.1.8.58639 >
   9 192.168.1.8.58730 >
   6 192.168.1.8.58835 >
  13 192.168.1.8.58851 >
  12 192.168.1.8.58852 >
  10 192.168.1.8.58882 >

myfile.PCAP é um time slice de 3 minutos!

My question is: I would like to sum up the connections and show only the total, ie take the output of the previous script and add up:

10 +4 + 9 +... +12+10.

How to do this in Python? I don’t know how to separate the initial number from the IP:Port.

python python-3.x python-2.7

1 answer

4


Assuming the file saida.txt, I would do so:

with open('saida.txt') as f:
    linhas = f.readlines()

soma = 0
for linha in linhas:
    soma += int(linha.strip().split(" ")[0])

print(soma)

  • :but I need to read the file first. Suppose the file containing the displayed output is output.txt. How would it look like?

  • 1

    See my issue, if it’s clearer.

  • could help in https://answall.com/questions/207138/gr%C3%a1fico-do-total-conex%C3%b5es-per-second-during-one-attack-nega%C3%A7%C3%a3o-de-servi%C3%a7o

  • I think I have time today. I’ve had a try here.

  • I really appreciate it. I got caught up in that problem!

Browser other questions tagged python python-3.x python-2.7

You are not signed in. Login or sign up in order to post.