解析TCPDUMP输出

Question

我试图解析我的TCPDUMP命令输出，以在特定的服务器在给定的秒数（或纳秒）之前发送回数据时打印“ ok”。示例：

11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13

如您所见，它首先输出第一行，在该行中，我正在发送数据，然后我将数据发送到服务器进行响应，现在我想要它，如果我向其发送数据的服务器没有响应设置一定的秒数，那么我会没有。 但是，如果有的话，我会打印“确定”。

Somtimes数据将如下所示

11:45:41.198150 IP X.X.X.X.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:41.315699 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.198845 IP X.X.X.X.168.662 > Y.Y.Y.Y.161: UDP, length 37
11:45:42.316745 IP Y.Y.Y.Y.161 > X.X.X.X.662: UDP, length 13

而ips将在不同的时间做出响应，我怎么仍可以解析这一点。

Answer 1

有了另一个问题的信息，即“ 解析TCPDUMP输出”，并且由于您询问了有关解析文件的信息，因此有几种方法可以完成它。 我已经生成了一个简单的脚本来读取数据并将其放入哈希中。 我将来自其他帖子的数据作为您要解析的输入。 它不执行数据验证，并且期望所有行在文件中的格式相同。

# Checking for errors (Good practice to always use)
use strict;

# open the file (first on on the command line)1
open my $input,$ARGV[0] or die "Unable to open file: $ARGV[0]";

# scalar/variable into which to save the line read from the file
my $line;
# Hash/mapping by machine for the time
my %machine2time;
# Array/List to store parsed line into individual list/array items
my @parsedLineSpace;

# Read line from the file.  This will fail when a line cannot be read
while ( $line = <$input> ) 
{
  # Parse the line based on spaces first element is time (index 0), 
  # the second is IP (index 1)
  @parsedLineSpace = split('\s+',$line);

  # If the IP exists in the hash/mapping, then the delta time needs to be
  # computed as there is a response 
  if ( exists $machine2time{$parsedLineSpace[1]} ) 
  {
    # Get the times which are needed to compute the difference
    # and place in scalar/variables 
    my $firstTime = $machine2time{$parsedLineSpace[1]};
    my $responseTime = $parsedLineSpace[0];

    # Compute the time difference (Exercise for the user)
    # Use an array and split to break the time into individual components or 
    # the to do that.  Make sure you use a \ to escape the . for the split
    # and that you check for boundary conditions  

    # Remove the item from the hash/mapping as it is not needed and 
    # any remaining items left in the hash would be items which did
    # get a response
    delete $machine2time{$parsedLineSpace[1]};
  }
  # else this the first occurrence (or there was no response) so 
  # save the time for use later
  else
  {
    $machine2time{$parsedLineSpace[1]} = $parsedLineSpace[0];
  }
}

# Print out any machines which did not have a matched response
print "\nIPs which did not get a response\n";
# For each key in the hash/mapping (sorted) print out the key which 
# is the IP
foreach my $machine ( sort keys %machine2time )
{
  print "$machine\n";
}

希望这可以帮助您开始工作