
Thread: Tcpdump

    Hi all, I have a bash script to retrieve the date/time, source ip/port, destination ip/port and size of packet from tcpdump and insert it into a sql table.

    # Read tcpdump output one line at a time from stdin
    while read data; do
            # Timestamp up to the first non-[0-9:] character (HH:MM:SS)
            packet_time=`expr "$data" : '\([0-9:]*\)'`
            # Source address and port (tcpdump -n prints "IP a.b.c.d.port > ...")
            origin=`expr "$data" : '.*IP \([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)'`
            origin_port=`expr "$data" : '.*IP [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.\([a-zA-Z0-9]*\)'`
            # Destination address and port after " > "
            destination=`expr "$data" : '.* > \([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)'`
            destination_port=`expr "$data" : '.* > [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.\([a-zA-Z0-9]*\)'`
            # Byte count in parentheses after a "seq:seq" range, e.g. "P 1:100(99)"
            packet_size=`expr "$data" : '.*: . [0-9]*\:[0-9]*.\([0-9]*\)'`
            packet_date=`date '+%Y-%m-%d'`
            # Only insert lines where the size pattern matched
            if [ "$packet_size" != "" ]; then
                    echo "$packet_date $packet_time :: $origin:$origin_port -> $destination:$destination_port -- SIZE: $packet_size"
                    mysql -e "INSERT INTO PacketMon.MonData (date, time,origin,origin_port,destination,destination_port,size) VALUES ('$packet_date','$packet_time','$origin','$origin_port','$destination','$destination_port',$packet_size);"
            fi
    done
    Problem is that the sum(size) query for a given period and src/dst does not match expected values; it is much smaller. I have read and reread the man page but I can't see what I am missing.

    The script is executed with:
    tcpdump -n -i eth1 | ./PacketMon
    Last edited by NoobJebus; 03-13-2009 at 12:53 AM. Reason: extra info
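As an added example (not the poster's script and not part of the thread), the following Python parser does the same job with two checks the shell version lacks: it records how many lines it could not parse and how many parsed lines carried no byte count, and it inserts with parameterised queries instead of splicing tcpdump fields into the SQL text. It assumes `tcpdump -n` output and uses an in-memory sqlite3 table as a stand-in for `PacketMon.MonData`; the sample lines are constructed, covering both the older `P 1:100(99)` TCP style, the 4.x `Flags [P.], ... length 50` style and a DNS query.

```python
import re
import sqlite3
from typing import Iterable, Optional, Tuple

# Constructed sample output, not captured from a real interface. Lines 1-3 use
# the pre-4.x tcpdump TCP format ("P 1:100(99)"), lines 4-5 the 4.x format
# ("Flags [P.], ..., length 50"), and line 6 is a DNS query in the old format.
SAMPLE_LINES = """\
12:53:01.123456 IP 192.168.1.10.51234 > 10.0.0.5.80: P 1:100(99) ack 1 win 5840
12:53:01.223456 IP 10.0.0.5.80 > 192.168.1.10.51234: . ack 100 win 5792
12:53:01.323456 IP 10.0.0.5.80 > 192.168.1.10.51234: P 1:1461(1460) ack 100 win 5792
12:53:02.000000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [P.], seq 100:150, ack 1461, win 5840, length 50
12:53:02.100000 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [.], ack 1461, win 5840, length 0
12:53:03.000000 IP 192.168.1.10.40000 > 10.0.0.5.53: 12345+ A? example.com. (29)
"""

# One anchored regex for the part every "tcpdump -n" line shares: timestamp,
# "IP", source host.port, " > ", destination host.port and a colon.
HEADER_RE = re.compile(
    r'^(?P<time>\d{2}:\d{2}:\d{2})(?:\.\d+)? IP '
    r'(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\w+) > '
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\w+): (?P<rest>.*)$'
)
# Payload byte count: trailing "length N" (4.x) or "(N)" after a seq range or
# a DNS summary (old format). Both are payload sizes, not frame sizes.
LENGTH_RE = re.compile(r'\blength (\d+)\s*$')
PAREN_RE = re.compile(r'\((\d+)\)')


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one tcpdump line, or None if it is not a packet line."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    rest = fields.pop('rest')
    size = LENGTH_RE.search(rest) or PAREN_RE.search(rest)
    fields['size'] = int(size.group(1)) if size else None
    return fields


def open_db() -> sqlite3.Connection:
    """In-memory sqlite3 stand-in for the MySQL table PacketMon.MonData."""
    conn = sqlite3.connect(':memory:')
    conn.execute(
        'CREATE TABLE MonData (date TEXT, time TEXT, origin TEXT, origin_port TEXT, '
        'destination TEXT, destination_port TEXT, size INTEGER)'
    )
    return conn


def load(lines: Iterable[str], conn: sqlite3.Connection, date: str) -> Tuple[int, int, int]:
    """Insert every parsable line; return (inserted, inserted_without_size, unparsed)."""
    inserted = no_size = unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        p = parse_line(line)
        if p is None:
            unparsed += 1
            continue
        # Parameterised insert: field values are never spliced into the SQL text,
        # so a hostname or payload summary containing a quote cannot break the query.
        conn.execute(
            'INSERT INTO MonData VALUES (?, ?, ?, ?, ?, ?, ?)',
            (date, p['time'], p['src'], p['sport'], p['dst'], p['dport'], p['size']),
        )
        inserted += 1
        if p['size'] is None:
            no_size += 1
    conn.commit()
    return inserted, no_size, unparsed


def sum_size(conn: sqlite3.Connection, origin: str, destination: str) -> int:
    """Total recorded payload bytes for one src/dst pair (NULL sizes are ignored by SUM)."""
    row = conn.execute(
        'SELECT COALESCE(SUM(size), 0) FROM MonData WHERE origin = ? AND destination = ?',
        (origin, destination),
    ).fetchone()
    return row[0]


if __name__ == '__main__':
    db = open_db()
    print(load(SAMPLE_LINES.splitlines(), db, '2009-03-13'))
    print(sum_size(db, '192.168.1.10', '10.0.0.5'))
```

Two things worth checking against a real capture with this: the `inserted`/`no_size`/`unparsed` counts compared with `wc -l` of the tcpdump output show how many lines carry no byte count at all (the old-format pure ACK above is one), and the numbers tcpdump prints after `length` or in parentheses are TCP/UDP payload lengths, so their sum is not the number of bytes that crossed the interface. The shell script's size pattern only matches the `seq:seq(N)` form, so lines like the pure ACK and the DNS query are skipped by it entirely rather than stored with an empty size.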
