Showing total connections to a certain IP address

3

I have a network dump (PCAP file) containing slowloris attacks. The following script will show the number of connections to IP 192.168.1.2 on port 80:

/usr/sbin/tcpdump -anr myfile.pcap |
    sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' |
    sort |
    uniq -c

which shows:

  10 192.168.1.8.36684 >
   4 192.168.1.8.39619 >
   9 192.168.1.8.39856 >
   4 192.168.1.8.39896 >
   5 192.168.1.8.40195 >
  12 192.168.1.8.40196 >
   9 192.168.1.8.52288 >
   7 192.168.1.8.58529 >
   9 192.168.1.8.58639 >
   9 192.168.1.8.58730 >
   6 192.168.1.8.58835 >
  13 192.168.1.8.58851 >
  12 192.168.1.8.58852 >
  10 192.168.1.8.58882 >

myfile.PCAP is a 3-minute time slice!

My question is: I would like to add the connections and only show the total, that is, take the output of the previous script and add:

10 + 4 + 9 + ... + 12 + 10.

How can I do this in Python? I do not know how to separate the initial number from the IP:port.

    
asked by anonymous 15.05.2017 / 03:03

1 answer

4

Assuming the file saida.txt, I would do it like this:

soma = 0
with open('saida.txt') as f:
    for linha in f:
        campos = linha.split()  # e.g. ['10', '192.168.1.8.36684', '>']
        if campos:              # skip blank lines
            soma += int(campos[0])  # first field is the uniq -c count

print(soma)
    
15.05.2017 / 03:14
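An added example, not part of the original question or answer: the `uniq -c` counts above are packets per source socket, so their sum is a packet total, while the number of distinct source sockets is closer to a connection count. The sketch below parses `tcpdump -n` text output directly and reports both, plus sockets and initial SYNs per source IP, which is the figure that stands out in a slowloris capture. The function name `summarize`, the assumed line layout and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def summarize(lines, dst_ip="192.168.1.2", dst_port=80):
    """Summarize TCP packets sent to dst_ip:dst_port (hypothetical helper)."""
    packets = Counter()  # packets per source socket (what uniq -c printed)
    syns = Counter()     # initial SYNs per source IP
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an IPv4 TCP line
        src_ip, sport, d_ip, d_port, flags = m.groups()
        if d_ip != dst_ip or int(d_port) != dst_port:
            continue  # replies from the server and other services
        packets[(src_ip, sport)] += 1
        if flags == "S":  # SYN without ACK: a client opening a connection
            syns[src_ip] += 1
    sockets_per_ip = Counter(ip for ip, _ in packets)
    return {
        "total_packets": sum(packets.values()),
        "source_sockets": len(packets),
        "sockets_per_ip": dict(sockets_per_ip),
        "syns_per_ip": dict(syns),
    }

# Constructed sample lines, not taken from the capture in the question.
SAMPLE = """\
03:00:00.000001 IP 192.168.1.8.36684 > 192.168.1.2.80: Flags [S], seq 100, win 29200, length 0
03:00:00.000050 IP 192.168.1.2.80 > 192.168.1.8.36684: Flags [S.], seq 900, ack 101, win 28960, length 0
03:00:00.000090 IP 192.168.1.8.36684 > 192.168.1.2.80: Flags [.], ack 1, win 229, length 0
03:00:00.000200 IP 192.168.1.8.36684 > 192.168.1.2.80: Flags [P.], seq 1:20, ack 1, win 229, length 19
03:00:00.100000 IP 192.168.1.8.39619 > 192.168.1.2.80: Flags [S], seq 200, win 29200, length 0
03:00:00.100090 IP 192.168.1.8.39619 > 192.168.1.2.80: Flags [.], ack 1, win 229, length 0
03:00:00.200000 IP 192.168.1.9.51000 > 192.168.1.2.80: Flags [S], seq 300, win 29200, length 0
03:00:00.300000 IP 192.168.1.8.40000 > 192.168.1.2.443: Flags [S], seq 400, win 29200, length 0
"""

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

On a real capture, feed it the lines of `tcpdump -nr myfile.pcap` instead of `SAMPLE`.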