Thursday, 5 February 2015

Loop through a file and extract duplicate data for analysis


I have data that I got from analysing a tcpdump file. The result is below.

The first column is the time, followed by src mac, dest_mac, src_ip & src_port and dest_ip_dest_ip.

I have data from one source IP to a destination IP which appears in different rows, with the same information except for a small difference in time. Instead of displaying all this information, I would like to loop through the file and, if the destination IP is the same, record the start time and the end time, then take the difference and print just one row with the difference.

My result at the moment

03-23 00:37:28.174515 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:37:28.174536 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:41:36.422588 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49672 | 180.149.153.11 | 80
03-23 00:44:18.584080 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:44:22.588592 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 35660 | 180.149.134.61 | 80
03-23 00:45:12.636571 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 35661 | 180.149.134.61 | 80

What I expect:

(00:44:22 - 00:37:28) | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 35661 | 180.149.134.61 | 80

I don't expect you to write the code for me, but a little bit of a hint would be so helpful.

Answer
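One way to collapse the rows, as an added example that is not part of the original post: read the pipe-separated rows, group them by everything except the time and source port, and keep the earliest and latest timestamp per group. The function names `summarize` and `format_rows`, the grouping key, and the placeholder year (the rows carry no year) are assumptions made for this sketch.

```python
from datetime import datetime

# Constructed sample input: the rows from the question, one per line.
SAMPLE = """\
03-23 00:37:28.174515 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:37:28.174536 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:41:36.422588 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49672 | 180.149.153.11 | 80
03-23 00:44:18.584080 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 49671 | 180.149.153.11 | 80
03-23 00:44:22.588592 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 35660 | 180.149.134.61 | 80
03-23 00:45:12.636571 | 8ca982044d00 | c04a00332142 | 192.168.1.100 | 35661 | 180.149.134.61 | 80
"""

# Assumption: the rows have no year, so a placeholder leap year is prepended before parsing.
TIME_FORMAT = "%Y %m-%d %H:%M:%S.%f"
ASSUMED_YEAR = "2000"

def summarize(lines):
    """Group rows by (src_mac, dst_mac, src_ip, dst_ip, dst_port), in first-seen order."""
    flows = {}
    for line in lines:
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 7:
            continue  # blank or malformed row
        stamp, src_mac, dst_mac, src_ip, src_port, dst_ip, dst_port = fields
        try:
            when = datetime.strptime(ASSUMED_YEAR + " " + stamp, TIME_FORMAT)
        except ValueError:
            continue  # timestamp does not match the expected layout
        key = (src_mac, dst_mac, src_ip, dst_ip, dst_port)
        flow = flows.setdefault(key, {"first": when, "last": when, "ports": [], "rows": 0})
        flow["first"] = min(flow["first"], when)  # min/max tolerate out-of-order rows
        flow["last"] = max(flow["last"], when)
        if src_port not in flow["ports"]:
            flow["ports"].append(src_port)  # source ports change per connection
        flow["rows"] += 1
    return flows

def format_rows(flows):
    """Render one summary row per group: time span, duration, then the shared columns."""
    out = []
    for (src_mac, dst_mac, src_ip, dst_ip, dst_port), f in flows.items():
        span = "({:%H:%M:%S} - {:%H:%M:%S}) {}".format(f["first"], f["last"], f["last"] - f["first"])
        out.append(" | ".join([span, src_mac, dst_mac, src_ip, ",".join(f["ports"]), dst_ip, dst_port]))
    return out

if __name__ == "__main__":
    for row in format_rows(summarize(SAMPLE.splitlines())):
        print(row)
```

The source port is left out of the grouping key because it differs between connections to the same destination; the ports seen are listed in the output instead.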
