How to get this OUTPUT? perl/awk/sed? How?

Tom H tomh0665 at gmail.com
Mon Jul 4 10:56:50 UTC 2011


To Alan Pope:

I was about to delete the email below and noticed that it was sent on
June 22nd. So I checked the archive and it's there
https://lists.ubuntu.com/archives/ubuntu-users/2011-June/247638.html

Problem?



On Mon, Jul 4, 2011 at 6:43 AM, Tom H <tomh0665 at gmail.com> wrote:
> On Wed, Jun 22, 2011 at 2:27 AM, lancebaynes87 <lancebaynes87 at zoho.com> wrote:
>>
>> How can I generate from this INPUT in "general"
>>
>> INPUT (/proc/net/ip_conntrack)
>>
>>     udp      17 0 src=192.168.1.128 dst=91.120.112.125 sport=29249
>> dport=39802 packets=3 bytes=408 [UNREPLIED] src=91.120.112.125
>> dst=79.132.235.112 sport=39802 dport=29249 packets=0 bytes=0 mark=0 use=2
>>     udp      17 146 src=192.168.1.128 dst=98.196.37.3 sport=56932
>> dport=43645 packets=924 bytes=406167 src=98.196.37.3 dst=79.132.235.112
>> sport=43645 dport=56932 packets=1042 bytes=546092 [ASSURED] mark=0 use=2
>>     tcp      6 118 SYN_SENT src=192.168.1.129 dst=89.132.51.110 sport=2518
>> dport=47385 packets=2 bytes=104 [UNREPLIED] src=80.132.51.190
>> dst=79.132.235.112 sport=47385 dport=2518 packets=0 bytes=0 mark=0 use=2
>>     udp      17 147 src=192.168.1.128 dst=98.196.37.7 sport=56937
>> dport=43647 packets=924 bytes=406167 src=98.196.37.7 dst=80.132.235.117
>> sport=43647 dport=56937 packets=1042 bytes=546092 [ASSURED] mark=0 use=2
>>     tcp      6 119 SYN_SENT src=192.168.1.129 dst=89.132.51.110 sport=2514
>> dport=47384 packets=2 bytes=104 [UNREPLIED] src=80.132.51.194
>> dst=80.132.235.114 sport=47384 dport=2514 packets=0 bytes=0 mark=0 use=2
>>     udp      17 163 src=192.168.1.1 dst=192.168.1.201 sport=67 dport=68
>> packets=29 bytes=9512 src=192.168.1.201 dst=192.168.1.1 sport=68 dport=67
>> packets=27 bytes=8856 [ASSURED] mark=0 use=2
>>     tcp      6 1 TIME_WAIT src=192.168.1.201 dst=67.201.31.15 sport=55479
>> dport=80 packets=7 bytes=725 src=67.201.31.35 dst=79.132.235.112 sport=80
>> dport=55479 packets=5 bytes=1963 [ASSURED] mark=0 use=2
>>
>> to this output?
>>
>> OUTPUT
>>
>>     udp    192.168.1.128    3
>>     tcp    192.168.1.129    2
>>     udp    192.168.1.1    1
>>     tcp    192.168.1.201    1
>>
>> So that from the INPUT datas the OUTPUT would be 3 columns:
>>
>>     protocoll    src-ip-address    count-connection-numbers
>>
>> So that the IP with the most number of connections would be at top.
>
> I would've thought that this was answered on the fedora users list
> after you posted there:
> http://lists.fedoraproject.org/pipermail/users/2011-June/400368.html
>




More information about the ubuntu-users mailing list