Counting the number of IP connections to a web server on port 80. Is the regex correct?

3

I would like to count the number of connections per IP per second (on port 80) to a web server whose IP is 192.168.1.216. The input for the count is a network dump file in PCAP format (.pcap file) generated with tcpdump. The output will be directed to the count.txt file.

Is the following regular expression (regex) correct? What do you think?

PCAP file: link

tcpdump -anr arquivo.pcap host 192.168.1.216 and port 80 |
    sed -une '
      s/^\(.\{8\}\).* IP \(.*\)\.[0-9]\+ > 192.168.1.216.80: Flags \[S\],.*/\1 \2/p
    ' |
    sort | uniq -c >contagem.txt

Example input:

Example of an output:

1 07:50:00 192.168.1.107
1 07:50:00 192.168.1.108
1 07:50:00 192.168.1.110
1 07:50:00 192.168.1.121
1 07:50:00 192.168.1.128
1 07:50:00 192.168.1.129
1 07:50:00 192.168.1.130
1 07:50:00 192.168.1.138
1 07:50:00 192.168.1.140
1 07:50:00 192.168.1.143
1 07:50:00 192.168.1.148
1 07:50:00 192.168.1.153
1 07:50:00 192.168.1.160
1 07:50:00 192.168.1.169
1 07:50:00 192.168.1.170
1 07:50:00 192.168.1.176

The sum afterwards is done with a Python script:

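# Read the "count time ip" lines written by uniq -c
with open('contagem.txt') as f:
    linhas = f.readlines()

# Add up the first column (the count)
soma = 0
for linha in linhas:
    soma += int(linha.strip().split(" ")[0])

print(soma)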

Is the regular expression (regex) correct? What do you think?

    
asked by anonymous 02.09.2017 / 17:42

0 answers
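An added example, not part of the original question: the same count done in Python with an anchored pattern, so the server address is matched literally and only `Flags [S]` packets (not the server's `[S.]` replies) are counted. It goes one step beyond the sed pipeline by optionally counting a retransmitted SYN only once. It assumes IPv4 and tcpdump's default `HH:MM:SS.ffffff` timestamps; `count_syns`, `SYN_RE` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

SERVER, PORT = "192.168.1.216", 80  # values from the question

# One SYN-only packet sent to SERVER:PORT, as printed by `tcpdump -n`.
SYN_RE = re.compile(
    r"^(?P<sec>\d\d:\d\d:\d\d)\.\d+ IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    + re.escape(f"{SERVER}.{PORT}")        # dots matched literally
    + r": Flags \[S\], seq (?P<seq>\d+)"   # [S] only, so [S.] is excluded
)

def count_syns(lines, dedupe=True):
    """Return Counter {(HH:MM:SS, src_ip): n} of SYNs sent to SERVER:PORT.

    With dedupe=True a retransmitted SYN (same source IP, source port and
    sequence number) is counted once, in the second it was first seen.
    """
    counts, seen = Counter(), set()
    for line in lines:
        m = SYN_RE.match(line)
        if m is None:
            continue
        attempt = (m["src"], m["sport"], m["seq"])
        if dedupe and attempt in seen:
            continue
        seen.add(attempt)
        counts[(m["sec"], m["src"])] += 1
    return counts

# Constructed sample in tcpdump -n text format (not taken from the question's PCAP).
SAMPLE = [
    "07:50:00.100001 IP 192.168.1.107.51000 > 192.168.1.216.80: Flags [S], seq 1000, win 29200, length 0",
    "07:50:00.100200 IP 192.168.1.216.80 > 192.168.1.107.51000: Flags [S.], seq 9000, ack 1001, win 28960, length 0",
    "07:50:00.100300 IP 192.168.1.107.51000 > 192.168.1.216.80: Flags [.], ack 1, win 229, length 0",
    "07:50:00.400000 IP 192.168.1.107.51001 > 192.168.1.216.80: Flags [S], seq 2000, win 29200, length 0",
    "07:50:00.500000 IP 192.168.1.108.40000 > 192.168.1.216.80: Flags [S], seq 3000, win 29200, length 0",
    "07:50:01.500000 IP 192.168.1.108.40000 > 192.168.1.216.80: Flags [S], seq 3000, win 29200, length 0",
    "07:50:01.700000 IP 192.168.1.107.51002 > 192.168.1.216.80: Flags [S], seq 4000, win 29200, length 0",
]

if __name__ == "__main__":
    counts = count_syns(SAMPLE)
    for (sec, src), n in sorted(counts.items()):
        print(n, sec, src)                      # same layout as uniq -c
    print("total:", sum(counts.values()))       # replaces the separate sum script
```

With real data, feed it the text from `tcpdump -nr arquivo.pcap host 192.168.1.216 and port 80`, one line per list element.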