I would like to count the number of connections per IP per second (on port 80) to a web server whose IP is 192.168.1.216. The input for the count is a network dump file in PCAP format (a .pcap file) generated with tcpdump. The output will be written to a .txt count file.
Is the following regular expression (regex) correct? What do you think?
PCAP file: https://ufile.io/y5c7k
# -n: no name resolution, -r: read the capture file; the BPF filter keeps only
# traffic to/from the server on port 80
tcpdump -anr arquivo.pcap host 192.168.1.216 and port 80 |
# keep only SYN packets sent to 192.168.1.216:80 and print "HH:MM:SS <source IP>"
# (\1 = first 8 characters of the timestamp, \2 = source address without its port)
sed -une '
s/^\(.\{8\}\).* IP \(.*\)\.[0-9]\+ > 192.168.1.216.80: Flags \[S\],.*/\1 \2/p
' |
# count identical "second + source IP" lines
sort | uniq -c >contagem.txt
Input example:
Example of an output:
1 07:50:00 192.168.1.107
1 07:50:00 192.168.1.108
1 07:50:00 192.168.1.110
1 07:50:00 192.168.1.121
1 07:50:00 192.168.1.128
1 07:50:00 192.168.1.129
1 07:50:00 192.168.1.130
1 07:50:00 192.168.1.138
1 07:50:00 192.168.1.140
1 07:50:00 192.168.1.143
1 07:50:00 192.168.1.148
1 07:50:00 192.168.1.153
1 07:50:00 192.168.1.160
1 07:50:00 192.168.1.169
1 07:50:00 192.168.1.170
1 07:50:00 192.168.1.176
The total is then computed with a Python script:
# read the "<count> HH:MM:SS <ip>" lines produced by uniq -c
with open('contagem.txt') as f:
    linhas = f.readlines()

soma = 0
for linha in linhas:
    # the first field (after stripping the leading spaces) is the count
    soma += int(linha.strip().split(" ")[0])
print(soma)
Is the regular expression (regex) correct? What do you think?
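The same per-second, per-source count of SYNs to the server, written as a stand-alone Python script instead of the sed/uniq pipeline, as an added example (not code from the question or from any answer). It assumes the text format of `tcpdump -n` shown in the pipeline's regex and uses a constructed sample of such lines; the `count_syns_per_second` and `format_like_uniq_c` names are the example's own.

```python
import re
from collections import Counter

# One line of `tcpdump -n` output for a TCP SYN (Flags [S]); mirrors the
# sed expression in the question but captures the destination as well, so
# the server address and port become parameters instead of being hard-coded.
SYN_LINE = re.compile(
    r'^(?P<time>\d{2}:\d{2}:\d{2})\.\d+ IP '
    r'(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > '
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): Flags \[S\],'
)

def count_syns_per_second(lines, server_ip, server_port=80):
    """Return a Counter keyed by (HH:MM:SS, source IP) holding the number of
    SYNs that source sent to server_ip:server_port within that second."""
    counts = Counter()
    for line in lines:
        m = SYN_LINE.match(line)
        if not m:
            continue  # not a pure SYN (e.g. the server's [S.] reply) or not an IP line
        if m.group('dst') != server_ip or int(m.group('dport')) != server_port:
            continue  # SYN to some other host or port
        counts[(m.group('time'), m.group('src'))] += 1
    return counts

def format_like_uniq_c(counts):
    """Render the Counter in the '<n> HH:MM:SS <ip>' layout of `sort | uniq -c`."""
    return [f'{n} {t} {ip}' for (t, ip), n in sorted(counts.items())]

# Constructed sample of tcpdump -n output (not taken from the question's pcap):
# client .107 opens two connections in the same second, .108 one, then .107
# another in the next second; the SYN-ACK and the SYN to port 443 are ignored.
SAMPLE = """\
07:50:00.101 IP 192.168.1.107.51234 > 192.168.1.216.80: Flags [S], seq 1, win 64240, length 0
07:50:00.102 IP 192.168.1.216.80 > 192.168.1.107.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
07:50:00.103 IP 192.168.1.107.51234 > 192.168.1.216.80: Flags [.], ack 1, win 64240, length 0
07:50:00.200 IP 192.168.1.107.51235 > 192.168.1.216.80: Flags [S], seq 1, win 64240, length 0
07:50:00.300 IP 192.168.1.108.40000 > 192.168.1.216.80: Flags [S], seq 1, win 64240, length 0
07:50:01.000 IP 192.168.1.107.51236 > 192.168.1.216.80: Flags [S], seq 1, win 64240, length 0
07:50:01.500 IP 192.168.1.107.51237 > 192.168.1.216.443: Flags [S], seq 1, win 64240, length 0
""".splitlines()

if __name__ == '__main__':
    c = count_syns_per_second(SAMPLE, '192.168.1.216')
    print('\n'.join(format_like_uniq_c(c)))
    print('total SYNs:', sum(c.values()))
```

To run it on a real capture, replace `SAMPLE` with the lines of `tcpdump -nr arquivo.pcap`, or pipe that output into the script via `sys.stdin`.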
Without a sample of the kind of file you want to read, it will be very difficult to answer the question. Searching Google for "pcap" files turns up complex files with binary mixed in; someone would have to find the specification, read it, understand it, then understand your regular expression and only then give an answer.
– jsbueno
Now, since you have put the Python tag, I hope you will be able to make a 5-10 line python script that will be much more readable and easy to maintain than the approach you are trying
– jsbueno
@jsbueno: I’ll put an example file (link): https://ufile.io/y5c7k
– Ed S
@Paz: Could you suggest a different way of doing the regex, or a Python script?
– Ed S
@Ed S: which field of the image is the input? Does it all come concatenated? Put an example there in writing and I think I can come up with something good for you!
– Paz
@Paz: The input is the network dump file I printed. The file is available here -> https://ufile.io/y5c7k
– Ed S