traffic-classify
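#!/usr/bin/perl -w
#
# Copyright (C) 2001 by USC/ISI
# All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that the above copyright notice and this paragraph are
# duplicated in all such forms and that any documentation, advertising
# materials, and other materials related to such distribution and use
# acknowledge that the software was developed by the University of
# Southern California, Information Sciences Institute. The name of the
# University may not be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# A perl script that takes a tcpdump trace as input and outputs
# statistics (total # of packets and total size) of each type of traffic.
#
# This work is supported by DARPA through SAMAN Project
# (http://www.isi.edu/saman/), administered by the Space and Naval
# Warfare System Center San Diego under Contract No. N66001-00-C-8066
#
# Input: one tcpdump line per record, read from STDIN or from the files
# named on the command line.  Each line is split on '.', ':' and ' '; the
# field layout (inherited from the original script's field list) is
#   0-1 timestamp, 2-5 source address, 6 source port, 7 separator,
#   8-11 destination address, 12 destination port, 13 separator,
#   14 protocol, 15 size.
# Lines that do not yield both ports are skipped.  The trace is untrusted
# input, so fields are only ever compared or tested numerically, never
# evaluated or handed to a shell.
#
# Output: a header line, then one row per traffic class:
#   NAME  packets  packets/total_packets  bytes  bytes/total_bytes
# The "%" columns are fractions in 0..1, as in the original.

use strict;
use warnings;

# Upper bound on the size counted into the byte totals.  The original only
# adds sizes strictly below 1500 (presumably to drop mis-parsed lines);
# packets at or above the bound still count in the packet totals.  Kept.
my $MAX_SIZE = 1500;

# Well-known port => traffic class, in precedence order.  A packet gets the
# class of the FIRST entry whose port equals either its source or its
# destination port, so the order decides packets whose two ports belong to
# different classes.  The original used two different precedence orders for
# the packet-count and byte-count tallies, so such a packet could be counted
# under one class and its bytes under another; one order is used here so
# both columns of a row describe the same packets.
my @PORT_CLASSES = (
    [ '80',   'HTTP'        ],
    [ '443',  'HTTP'        ],   # HTTPS is folded into HTTP, as in the original
    [ '53',   'DNS'         ],
    [ '8080', 'WEBCACHE'    ],
    [ '22',   'SSH'         ],
    [ '767',  'PHONEBOOK'   ],
    [ '6000', 'X11'         ],
    [ '161',  'SNMP'        ],
    [ '70',   'GOPHER'      ],
    [ '113',  'AUTH'        ],   # ident/auth; the original had "11" (systat)
    [ '554',  'RTSP'        ],
    [ '179',  'BGP'         ],
    [ '514',  'SYSLOG'      ],
    [ '1645', 'DATAMETRICS' ],
    [ '3128', 'SQUID'       ],
    [ '2401', 'CVS'         ],   # cvspserver
    [ '23',   'TELNET'      ],
    [ '123',  'NTP'         ],
    [ '110',  'POP3'        ],
    [ '37',   'TIME'        ],
    [ '119',  'NNTP'        ],
    [ '21',   'FTP'         ],
    [ '20',   'FTP'         ],   # ftp-data
    [ '25',   'SMTP'        ],
    [ '1719', 'H323'        ],   # h323gatestat
    [ '1720', 'H323'        ],   # h323hostcall
    [ '1718', 'H323'        ],   # h323gatedisc
    [ '6970', 'REALAUDIO'   ],
);

# Report rows, in the order the original printed them.  AUTH and REALAUDIO
# are tallied (so they do not inflate OTHER) but not printed, and GRIS was
# already commented out in the original.
my @REPORT_ROWS = qw(
    HTTP NNTP NTP DNS SMTP FTP SNMP GOPHER RTSP SYSLOG BGP WEBCACHE POP3
    DATAMETRICS TIME SSH SQUID TELNET CVS H323 PHONEBOOK X11 OTHER
);

my %packets_of;          # class => packet count
my %bytes_of;            # class => byte count (tcp/udp, size below $MAX_SIZE)
my $total_packets = 0;
my $total_bytes   = 0;

# classify_ports($src_port, $dst_port)
# Returns the traffic class for a port pair, or 'OTHER' when neither port is
# listed in @PORT_CLASSES.  Ports are compared as strings, exactly as the
# original did ("080" does not match "80").
sub classify_ports {
    my ($src_port, $dst_port) = @_;
    for my $entry (@PORT_CLASSES) {
        my ($port, $class) = @{$entry};
        return $class if $src_port eq $port or $dst_port eq $port;
    }
    return 'OTHER';
}

# ratio($part, $whole)
# Returns $part / $whole, or 0 when $whole is 0.  The original divided
# unconditionally and died with "Illegal division by zero" on an empty
# trace (no packets, or no tcp/udp packets below $MAX_SIZE).
sub ratio {
    my ($part, $whole) = @_;
    return $whole ? $part / $whole : 0;
}

LINE: while (my $line = <>) {
    chomp $line;
    my ($src_port, $dst_port, $proto, $size)
        = (split /[.: ]/, $line)[6, 12, 14, 15];

    # Nothing to classify without both ports; the original skipped these too.
    next LINE unless defined $src_port and defined $dst_port;

    my $class = classify_ports($src_port, $dst_port);

    # Packet counts: every line with two ports, regardless of protocol or
    # size (the original did not restrict this tally to tcp/udp either).
    $packets_of{$class}++;
    $total_packets++;

    # Byte counts: tcp/udp only, with a numeric size below $MAX_SIZE.  The
    # digits-only test replaces the original's bare "< 1500", which warned
    # on, and counted as 0, any non-numeric size field.
    next LINE unless defined $proto and defined $size;
    next LINE unless $proto eq 'udp' or $proto eq 'tcp';
    next LINE unless $size =~ /\A\d+\z/ and $size < $MAX_SIZE;

    $bytes_of{$class} += $size;
    $total_bytes      += $size;
}

print "[PROTO] [# of PKT] [% of TOTAL PKT] [SIZE] [% of TOTAL SIZE]\n";
for my $class (@REPORT_ROWS) {
    # Classes never seen have no hash entry; report them as 0, as the
    # original's pre-initialised counters did.
    my $packets   = $packets_of{$class} || 0;
    my $bytes     = $bytes_of{$class}   || 0;
    my $pkt_frac  = ratio($packets, $total_packets);
    my $byte_frac = ratio($bytes,   $total_bytes);
    print "$class $packets $pkt_frac $bytes $byte_frac\n";
}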