unix scripts & counting tcp connections



here's a question i received on a test recently. i'm new to linux/unix so if this is easy, don't kill me. what scripting or tools could you use to count and sort the number of connections from each internal host? i'd appreciate any feedback and resources.


"the cisco pix firewall provides information in this form about network
connections going through it:
tcp out 64.233.161.99:80 in 192.168.18.52:46778 idle 0:00:00 bytes 1657961
flags uio
tcp out 209.104.39.15:80 in 192.168.18.34:52859 idle 0:06:34 bytes 1026
flags ufrio
tcp out 64.233.161.104:80 in 192.168.18.19:54409 idle 0:00:02 bytes 498219
flags uio
tcp out 209.104.39.15:80 in 192.168.18.22:52154 idle 0:00:01 bytes 1000
flags ufrio
tcp out 64.233.161.99:80 in 192.168.18.49:40441 idle 0:00:05 bytes 60293
flags uio
tcp out 64.233.161.147:80 in 192.168.18.49:41745 idle 0:00:05 bytes 1557863
flags uio

the first ip address is the host outside the firewall in the connection and
the second is the host inside the firewall. let's say i wanted to easily
count the number of connections that each inside host has open and sort them from most to least. how can i do that using shell scripting, perl scripts,
and/or basic unix tools?"

perl will be better for this



as per my experience such logs are very bulky. thus using shellscript will be very slow and it will definately consume much higher cpu as well.

you can start with some good perl beginner book. it is very easy as syntax are in-between c and shellscripting. learning perl for unix user have lot of advantage as well :-). i'd suggest you following books

effective perl programming: writing better programs with perl
by joseph n. hall, randal schwartz

learning perl, third edition
by randal l. schwartz, tom phoenix

go and buy from amazon 2nd hand hook sellers. each will cost you less then 10$. just 20$ expences against a prestigious perl programmer ;-)

hope you can do this in a shell script.



i think uio is outside connections and ufrio is for internal connections according to your output. so grep for ufrio and sort the output according to time. then achieve the required thing. if you have the exact file content let me know and give me the outputs you needed exactly. i will try a shell script..

if you have python, here's an alternative:

assuming sample input is :


code:

tcp out 64.233.161.99:80 in 192.168.18.52:46778 idle 0:00:00 bytes 1657961 flags uio
tcp out 209.104.39.15:80 in 192.168.18.34:52859 idle 0:06:34 bytes 1026 flags ufrio
tcp out 64.233.161.104:80 in 192.168.18.19:54409 idle 0:00:02 bytes 498219 flags uio
tcp out 209.104.39.15:80 in 192.168.18.22:52154 idle 0:00:01 bytes 1000 flags ufrio
tcp out 64.233.161.99:80 in 192.168.18.49:40441 idle 0:00:05 bytes 60293 flags uio
tcp out 64.233.161.147:80 in 192.168.18.49:41745 idle 0:00:05 bytes 1557863 flags uio



code:

#!/usr/bin/python
outside = {} #store outside ip address
inside = {} #store inside ip address
for line in open("cisco.log"):
        line = line.split()
        out = line[2].split(":")[0] #get out ip address, stripping the port number
        ins = line[4].split(":")[0] #get inside ip address, stripping the port number
        if not outside.has_key(out): #if ip address hasn't been seen
                outside[out] = 1 # initial count to 1
        else:
                outside[out] = outside[out] + 1 #add count

        if not inside.has_key(ins):
                inside[ins] = 1
        else:
                inside[ins] = inside[ins] + 1 #add count

print "printing count of outside ips ...."
for i,k in outside.iteritems():
        print "ip: %s , count: %d" % (i,k)

print "printing count of inside ips...."        
for i,k in inside.iteritems():
        print "ip: %s , count: %d" % (i,k)



output:

code:

printing count of outside ips....
ip : 64.233.161.99 , count: 2
ip : 64.233.161.147 , count: 1
ip : 209.104.39.15 , count: 2
ip : 64.233.161.104 , count: 1
printing count of inside ips....
ip: 192.168.18.52 , count: 1
ip: 192.168.18.34 , count: 1
ip: 192.168.18.49 , count: 2

hi i am nuts to c programming, i recieved this for my project...anyone...help?

this is wat i recieved...

write a simple tcp/ip server program in c language
the server program can listen at tcp 8080 and send out hello world
to any tcp client connect to the port 8080 (at client side use the command telnet ip address 8080)

microuniz - please review our rules - assignment questions are not permitted.

as the thread that you hijacked has run it's course anyway, i will now close it.

thanks