[Bro] Traffic Volume Calculation Using Bro's Connection, Log

scottie jwillie4020 at gmail.com
Fri Nov 22 00:13:19 PST 2013


Disregard that last email; I think Bro can only see tcp, udp, and icmp.
The 'others' that I was seeing were headers and spaces.

On 22/11/13 15:37, scottie wrote:
> Try this:
> cat conn.log  | awk 'BEGIN{other=0;tcp=0;udp=0;icmp=0} {if($7 == "tcp")
> tcp=tcp+1} {if($7 == "udp") udp=udp+1} {if($7 == "icmp") icmp=icmp+1}
> {if($7 != "tcp" && $7 != "udp" && $7 != "icmp" ) other=other+1} END{
> print "TCP:  " tcp, "\nUDP:  " udp, "\nICMP: " icmp, "\nOther: " other}'
> | column -t
>
> It will give you an overview of tcp/udp/icmp and 'other' connections.
> What does it output for you? 99.9% of my traffic is one of these first 3.

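Added example, not from either poster: a version of the count that also totals bytes per protocol (the traffic volume in the subject line) and skips Bro's #-prefixed header/footer lines and blank lines so they are not tallied as 'other'. It reads the proto, orig_bytes and resp_bytes column positions from the #fields line, falling back to the stock positions (7, 10, 11) when that line is missing; the conn.log lines are constructed sample data.

```shell
# Constructed sample of a Bro conn.log: tab-separated, with Bro's #-prefixed
# header and footer lines, a blank line, and "-" for unset byte counters.
sample_conn_log() {
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\n'
    printf '1385106000.000000\tCa1\t10.0.0.5\t51234\t93.184.216.34\t80\ttcp\thttp\t0.25\t500\t1200\n'
    printf '1385106001.000000\tCa2\t10.0.0.5\t53000\t10.0.0.1\t53\tudp\tdns\t0.01\t60\t60\n'
    printf '1385106002.000000\tCa3\t10.0.0.5\t3\t10.0.0.1\t3\ticmp\t-\t0.00\t84\t84\n'
    printf '\n'
    printf '1385106003.000000\tCa4\t10.0.0.9\t40000\t10.0.0.1\t22\ttcp\tssh\t-\t-\t-\n'
    printf '#close\t2013-11-22-00-00-00\n'
}

# Per-protocol connection count and traffic volume (orig_bytes + resp_bytes)
# for a conn.log read from stdin or from the files given as arguments.
# Output: one "proto count bytes" line per protocol, sorted by protocol.
conn_summary() {
    awk '
        BEGIN {
            FS = "\t"
            # Default column positions of a stock Bro conn.log, used only
            # when the #fields header is absent (e.g. a grep of the log).
            col["proto"] = 7; col["orig_bytes"] = 10; col["resp_bytes"] = 11
        }
        /^#fields/ {
            # $1 is "#fields", so field name $i describes data column i-1
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            next
        }
        /^#/ || /^[[:space:]]*$/ { next }   # other header/footer lines, blanks
        {
            p = $(col["proto"])
            count[p]++
            # "-" means the counter was never set; treat it as 0 bytes
            ob = $(col["orig_bytes"]); rb = $(col["resp_bytes"])
            bytes[p] += (ob == "-" ? 0 : ob) + (rb == "-" ? 0 : rb)
        }
        END {
            for (p in count) printf "%s %d %d\n", p, count[p], bytes[p]
        }
    ' "$@" | sort
}

sample_conn_log | conn_summary
```

On a live sensor, run it as `conn_summary /path/to/conn.log` (or pipe `zcat` of rotated logs into it); the header-skipping means the counts stay clean across multiple concatenated log files.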