CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Intermediate: Re: [FishMonger] Searching two-value hash array: Edit Log



CPS
Novice

Sep 14, 2012, 10:59 AM


Views: 3039
Re: [FishMonger] Searching two-value hash array

Hello.
Thanks for the reply.

Well, the biggest problems i have with creating an algoritm and perl language as well.

Maybe i'll write about what i need to parse.
Basically i would like to parse tcpdump output (pcap file) with perl using following modules:
Net::TcpDumpLog; NetPacket::Ethernet; NetPacket::IP; NetPacket::TCP;

More information (+sample script) about that:

http://hype-free.blogspot.fr/2010/03/parsing-pcap-files-with-perl.html

The problem is this script generates output in the following format:
Session Bytes Total
===================================================================
10.197.191.250:445 <-> 10.197.191.50:47766 778663 < - SESSION 1
10.197.191.50:47766 <-> 10.197.191.250:445 739008 <- SESSION 1
10.197.191.250:9090 <-> 10.197.191.101:4968 240466 <- SESSION 2
10.197.191.250:9090 <-> 10.197.191.45:27547 181070 < -SESSION 3
(...)

As you can see above, both first lines store information about one connection.
Let's say that 10.197.191.250 is the server and other addresses are clients.
So 10.197.191.250 received 778663 bytes from 10.197.191.50, and 10.197.191.50 received 739008 bytes from 10.197.191.250.

HAving this in mind I would like this output in the format:
SESSION REC SENT TOTAL
10.197.191.250:445 <-> 10.197.191.250 778663 739008 1517671
(...)

So, i need to count and place information about one particular connection in one line.

I've modified code from the above link to the following:
============== EDIT================

Code
 
my $othcnt;
my @arrayz;
my $res;
foreach $key (keys(%sum))
{
my @excludeList = split("<->", $key);
my $firstvalue = trim($excludeList[0]); # ip address
my $secondvalue = trim($excludeList[1]); # ip address
foreach $keyx (keys(%sum))
{
$res = 0;
@excludeList = split("<->", $keyx);
my $thirdvalue = trim($excludeList[0]); # ip address
my $forth = trim($excludeList[1]); # ip address
if (($firstvalue eq $forth) && ($thirdvalue eq $secondvalue))
{
$res = &checkArray($thirdvalue, $forth);
if ($res != 1)
{
$arrayz[$othcnt] = $key;
$othcnt = $othcnt + 1;
my $suma;
$suma = $sum{$key} + $sum{$keyx};
print "$key \t $sum{$key} \t $sum{$keyx} \t $suma \n";
}

}
}
#print "\t$key \t$sum{$key}\n";
}

sub trim($)
{
my $string = shift;
$string =~ s/^\s+//;
$string =~ s/\s+$//;
return $string;
}

sub checkArray($val, $val2)
{
my $arrayvalue;
my $result = 0;
foreach $arrayvalue(@arrayz)
{
my @excludeList = split("<->", $arrayvalue);
my $firstvalue = trim($excludeList[0]); # ip address of first
my $secondvalue = trim($excludeList[1]); # ip address of first
if (($val1 eq $secondvalue) && ($val2 eq $firstvalue))
{
$result = 1;
}

}
return $result;
}


Do you have any ideas?
Please help


(This post was edited by CPS on Sep 14, 2012, 11:26 AM)


Edit Log:
Post edited by CPS (Novice) on Sep 14, 2012, 11:19 AM
Post edited by CPS (Novice) on Sep 14, 2012, 11:26 AM


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives