I have a network dump (PCAP file) containing slowloris attacks. The following script will show the number of connections to IP 192.168.1.2 on port 80:
/usr/sbin/tcpdump -anr myfile.pcap |
sed 's/^.*IP \([^:]*\)192.168.1.2.80:.*/\1/p;d' |
sort |
uniq -c
which shows:
10 192.168.1.8.36684 >
4 192.168.1.8.39619 >
9 192.168.1.8.39856 >
4 192.168.1.8.39896 >
5 192.168.1.8.40195 >
12 192.168.1.8.40196 >
9 192.168.1.8.52288 >
7 192.168.1.8.58529 >
9 192.168.1.8.58639 >
9 192.168.1.8.58730 >
6 192.168.1.8.58835 >
13 192.168.1.8.58851 >
12 192.168.1.8.58852 >
10 192.168.1.8.58882 >
myfile.PCAP is a 3-minute time slice!
My question is: I would like to add the connections and only show the total, that is, take the output of the previous script and add:
10 + 4 + 9 + ... + 12 + 10.
How can I do this in Python? I do not know how to separate the initial number from the IP:Port.
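One way to total the counts in Python, as an added example that is not part of the original post: it parses each `uniq -c` line into count, source IP and source port, then reports the grand total and the number of distinct source ports per IP. The function name `summarize`, the `-` argument for reading stdin, and the IPv4-only pattern are assumptions of this example.

```python
import re, sys
from collections import defaultdict

# Constructed sample: the `uniq -c` output quoted in the post.
SAMPLE = """\
     10 192.168.1.8.36684 >
      4 192.168.1.8.39619 >
      9 192.168.1.8.39856 >
      4 192.168.1.8.39896 >
      5 192.168.1.8.40195 >
     12 192.168.1.8.40196 >
      9 192.168.1.8.52288 >
      7 192.168.1.8.58529 >
      9 192.168.1.8.58639 >
      9 192.168.1.8.58730 >
      6 192.168.1.8.58835 >
     13 192.168.1.8.58851 >
     12 192.168.1.8.58852 >
     10 192.168.1.8.58882 >
"""

# "<count> <IPv4>.<port> >": tcpdump -n joins address and port with a dot.
LINE_RE = re.compile(r"^\s*(\d+)\s+((?:\d{1,3}\.){3}\d{1,3})\.(\d+)\s*>?\s*$")

def summarize(text):
    """Return (total, per_ip, skipped) for `uniq -c` output of source endpoints."""
    per_ip = defaultdict(lambda: {"count": 0, "ports": set()})
    total = skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # report unparsed lines instead of hiding them
            continue
        count, ip, port = int(m.group(1)), m.group(2), int(m.group(3))
        total += count
        per_ip[ip]["count"] += count
        per_ip[ip]["ports"].add(port)  # one source port = one TCP connection
    return total, dict(per_ip), skipped

if __name__ == "__main__":
    # Pass "-" to read the pipeline output from stdin; otherwise use SAMPLE.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    total, per_ip, skipped = summarize(text)
    print(f"total={total} skipped_lines={skipped}")
    for ip, s in sorted(per_ip.items()):
        print(f"{ip}: sum={s['count']} distinct_source_ports={len(s['ports'])}")
```

Each input line is one source IP and port, and its leading number is how many tcpdump lines matched for that endpoint, so the distinct-port figure is the per-source connection count that matters when looking for slowloris.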