Parsing TCPDUMP output
I am trying to parse the output of my TCPDUMP command so that it prints "ok" when a specific server sends data back within a given number of seconds (or nanoseconds). Example:
11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
As you can see, it first outputs the first line, where I am sending data, and then the server I sent the data to responds. What I want now is: if the server I send data to does not respond within a set number of seconds, I print nothing; but if it does, I print "ok".
Sometimes the data will look like this:
11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
and the IPs will respond at different times; how can I still parse this?
With the information from the other question, "Parsing TCPDUMP output", and since you asked about parsing the file, there are several ways to accomplish it. I have written a simple script that reads the data and puts it into a hash. I took the data from the other post as the input you want to parse. It does no data validation and expects all lines in the file to be in the same format.
# Checking for errors (good practice to always use)
use strict;
use warnings;
# Open the file (first one on the command line)
open my $input, '<', $ARGV[0] or die "Unable to open file: $ARGV[0]";
# scalar/variable into which to save the line read from the file
my $line;
# Hash/mapping by machine for the time of the request we sent to it
my %machine2time;
# Array/List to store the parsed line as individual list/array items
my @parsedLineSpace;
# Read a line from the file. The loop ends when no more lines can be read
while ( $line = <$input> )
{
    # Parse the line on whitespace: the first element is the time (index 0),
    # the word "IP" is index 1, the source host.port is index 2 and the
    # destination host.port (with a trailing colon) is index 4
    @parsedLineSpace = split( /\s+/, $line );
    my $time   = $parsedLineSpace[0];
    my $source = $parsedLineSpace[2];
    ( my $destination = $parsedLineSpace[4] ) =~ s/:$//;
    # If the source exists in the hash/mapping, this line is a response from
    # a machine we sent to, so the delta time needs to be computed
    if ( exists $machine2time{$source} )
    {
        # Get the times which are needed to compute the difference
        # and place them in scalars/variables
        my $firstTime    = $machine2time{$source};
        my $responseTime = $time;
        # Compute the time difference (exercise for the user)
        # Use an array and split to break the time into individual components.
        # Make sure you use a \ to escape the . for the split
        # and that you check for boundary conditions
        # Remove the item from the hash/mapping as it is no longer needed;
        # any items left in the hash at the end are machines which did
        # not get a response
        delete $machine2time{$source};
    }
    # else this is a request (the first one, or an earlier one got no
    # response), so save the time under the machine we sent to for later
    else
    {
        $machine2time{$destination} = $time;
    }
}
close $input;
# Print out any machines which did not have a matched response
print "\nIPs which did not get a response\n";
# For each key in the hash/mapping (sorted) print out the key, which
# is the IP
foreach my $machine ( sort keys %machine2time )
{
    print "$machine\n";
}
Hope this helps you get started.
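As an added example (not code from the question or the answer above), here is a Python version of the same pairing that also finishes the part left as an exercise: it keys on the full source/destination flow so a reply is recognised by the reversed addresses, gives each retransmitted request from the second sample its own verdict, and reports "ok", "slow" or "none" per request against a threshold in seconds. The sample lines and the RFC 5737 addresses in them are constructed.

```python
import re
from datetime import datetime

# One tcpdump summary line: timestamp, "IP", src.port > dst.port, then the rest.
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>\S+)\.(?P<sport>\d+) > '
    r'(?P<dst>\S+)\.(?P<dport>\d+):')

# Constructed sample capture in the same layout as the question (addresses
# are from the RFC 5737 documentation ranges, not real hosts).
SAMPLE = """\
11:45:41.198150 IP 192.0.2.10.662 > 198.51.100.5.161: UDP, length 37
11:45:41.315699 IP 198.51.100.5.161 > 192.0.2.10.662: UDP, length 13
11:45:42.198845 IP 192.0.2.10.662 > 198.51.100.5.161: UDP, length 37
11:45:43.198845 IP 192.0.2.10.662 > 198.51.100.5.161: UDP, length 37
11:45:43.316745 IP 198.51.100.5.161 > 192.0.2.10.662: UDP, length 13
11:45:44.000000 IP 192.0.2.10.662 > 203.0.113.7.161: UDP, length 37
""".splitlines()

def check_responses(lines, threshold_s):
    """Pair every request with the first packet seen on the reversed flow.

    Returns (request_ts, server, status) per request, in capture order:
    'ok' = reply within threshold_s seconds, 'slow' = reply but later,
    'none' = no reply in the capture. Retransmitted requests each get
    their own verdict against the single reply that closes them.
    """
    pending = {}            # flow (src, sport, dst, dport) -> [request times]
    results = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue        # not a UDP/IP summary line; ignore it
        # Time of day only, on a dummy date: midnight rollover is not handled.
        t = datetime.strptime(m['ts'], '%H:%M:%S.%f')
        fwd = (m['src'], m['sport'], m['dst'], m['dport'])
        rev = (m['dst'], m['dport'], m['src'], m['sport'])
        if rev in pending:  # a reply to a request we are still waiting on
            for req_t in pending.pop(rev):
                delta = (t - req_t).total_seconds()
                status = 'ok' if delta <= threshold_s else 'slow'
                results.append((req_t.strftime('%H:%M:%S.%f'), m['src'], status))
        else:
            pending.setdefault(fwd, []).append(t)
    for (_, _, dst, _), times in pending.items():
        results.extend((q.strftime('%H:%M:%S.%f'), dst, 'none') for q in times)
    return results

if __name__ == '__main__':
    for ts, server, status in check_responses(SAMPLE, 0.5):
        print(f'{ts} {server} {status}')
```

Feed it `tcpdump -n -l ...` output line by line, or a saved text file, in place of SAMPLE; the threshold is whatever you consider an acceptable response time.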