[Bro] Traffic Volume Calculation Using Bro's Connection Log
scottie
jwillie4020 at gmail.com
Thu Nov 21 20:37:03 PST 2013
Try this:
cat conn.log | awk '
  BEGIN{other=0;tcp=0;udp=0;icmp=0}
  /^#/ {next}   # skip the conn.log header/footer lines so they are not counted as "other"
  {if($7 == "tcp") tcp=tcp+1}
  {if($7 == "udp") udp=udp+1}
  {if($7 == "icmp") icmp=icmp+1}
  {if($7 != "tcp" && $7 != "udp" && $7 != "icmp") other=other+1}
  END{print "TCP: " tcp, "\nUDP: " udp, "\nICMP: " icmp, "\nOther: " other}
' | column -t
It will give you an overview of tcp/udp/icmp and 'other' connections.
What does it output for you? 99.9% of my traffic is one of these first 3.
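An added example (not the poster's command) that goes a step further: it locates the conn.log columns by name from the "#fields" header instead of hard-coding field 7, skips the "#" header lines, and sums orig_bytes plus resp_bytes per protocol so the breakdown covers traffic volume as well as connection counts. The sample conn.log it writes is constructed, with a trimmed field set and made-up uids.

```shell
#!/bin/sh
# Per-protocol connection count and byte volume from a Bro conn.log.
# Columns are resolved from the "#fields" header line, so the script does
# not depend on "proto" being field 7; "#" lines are skipped rather than
# counted as "other". Bro writes "-" for unset byte counters (e.g. icmp).
proto_summary() {
  awk -F'\t' '
    /^#fields/ { for (i = 2; i <= NF; i++) col[$i] = i - 1; next }
    /^#/       { next }
    {
      p = $(col["proto"])
      conns[p]++
      ob = $(col["orig_bytes"]); rb = $(col["resp_bytes"])
      if (ob != "-") bytes[p] += ob
      if (rb != "-") bytes[p] += rb
    }
    END { for (p in conns) printf "%s\t%d\t%d\n", p, conns[p], bytes[p] }
  ' "$1" | sort
}

# Constructed sample conn.log (tab-separated, trimmed field list, fake uids).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
{
  printf '#separator \\x09\n'
  printf '#path\tconn\n'
  printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\n'
  printf '1385087823.1\tCa1\t10.0.0.5\t51234\t10.0.0.9\t80\ttcp\thttp\t0.5\t400\t1600\tSF\n'
  printf '1385087824.2\tCa2\t10.0.0.5\t53321\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t120\tSF\n'
  printf '1385087825.3\tCa3\t10.0.0.5\t0\t10.0.0.9\t0\ticmp\t-\t-\t-\t-\tOTH\n'
  printf '1385087826.4\tCa4\t10.0.0.5\t443\t10.0.0.9\t443\ttcp\tssl\t2.0\t1000\t9000\tSF\n'
  printf '1385087827.5\tCa5\t10.0.0.5\t0\t10.0.0.9\t0\tgre\t-\t-\t-\t-\tOTH\n'
  printf '#close\t2013-11-21-20-37-03\n'
} > "$SAMPLE"

# Output: proto <tab> connections <tab> bytes, one line per protocol seen.
proto_summary "$SAMPLE" | column -t
```

Point it at a real conn.log with `proto_summary /path/to/conn.log`; protocols other than tcp/udp/icmp show up under their own names instead of a single "other" bucket.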