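#!/opt/vdops/bin/perl
# This script extracts a summary line from each frame in a pcap file,
# writing the result to a text file.  It does this for every pcap file
# in the current directory.
#
# Trace files must be named as follows:
#   Client side traces must have the string 'at-client' in their names
#   Server side traces must have the string 'at-server' in their names
#   And the names of paired traces must not vary otherwise
#   e.g.
#     europa-copies-10MB-file-to-mars-at-client.pcap
#     europa-copies-10MB-file-to-mars-at-server.pcap
#
# The script names the output text files as follows:
#   europa-copies-10MB-file-to-mars-at-client-with-client-as-source.txt
#     Only frames with the source address of the client (Client Time)
#   europa-copies-10MB-file-to-mars-at-client-with-server-as-source.txt
#     Only frames with the source address of the server (Network + Server Time)
#   europa-copies-10MB-file-to-mars-at-server-with-client-as-source.txt
#     Only frames with the source address of the client (Network + Client Time)
#   europa-copies-10MB-file-to-mars-at-server-with-server-as-source.txt
#     Only frames with the source address of the server (Server Time)
#
# Security note: file names are taken from the directory listing and may
# contain spaces or shell metacharacters.  They are therefore handed to
# tshark as discrete arguments and to open() in its three-argument form;
# no file name is ever interpolated into a shell command line.
#
# V      Who       When        What
# ---------------------------------------------------------------------------
# 1.1.0  skendric  2011-11-13  More debugging
# 1.0.1  skendric  2011-09-16  Use more verbose file names
# 1.0.0  skendric  2011-09-11  First version
#
# To do
#   Currently, it relies on hard-coded strings to distinguish between client
#   side and server side traces.  Replace with command-line input.
#

# Load modules
use strict;
use warnings FATAL => 'all';
use feature 'say';
use feature 'switch';    # retained from the original; given/when is not used below
use English;
use Getopt::Std;
use Regexp::Common;

# Declare variables
my $debug;           # Integer 0 - 3
my $handle;          # Directory handle for the current directory
my %option;
my $program_name;    # Name of this script
my @tshark;          # tshark binary followed by its fixed arguments (argv list)
my $version;         # Version number of this script

# Define variables
$debug        = 0;
$program_name = 'extract-summary-lines-from-pcap';
$version      = '1.1.0';

# Kept as a list so that it can be executed without a shell.
# NOTE(review): newer tshark releases use -Y for display filters; -R is
# kept here exactly as the original script used it.
@tshark = ('/usr/sbin/tshark', '-t', 'd', '-E', 'header=y', '-F', 'k12text');

# Set AUTOFLUSH to true to support printing debug output
$OUTPUT_AUTOFLUSH = 1;

# Grab arguments
getopts('d:', \%option);
$debug = $option{d} if defined $option{d};
die "Usage: $program_name -d {integer}"
    unless $RE{num}{int}->matches($debug);

# Open current directory
opendir $handle, '.' or die "Cannot open current directory: $!";

# Create text versions
FILE:
while (defined(my $file = readdir $handle)) {
    next FILE if $file =~ /^\.\.?$/;
    next FILE if -d $file;
    next FILE if $file =~ /\.swp/;
    next FILE if $file =~ /\.txt/;
    next FILE unless $file =~ /\.pcap/;
    say "Processing $file" if $debug;

    (my $base = $file) =~ s/\.pcap//;
    say " Using $base" if $debug > 1;

    # Client-side and server-side traces are split the same way: by the
    # direction of the port-445 traffic.  Traces whose names carry neither
    # marker are skipped, as before.
    next FILE unless $base =~ /at-(?:client|server)/;

    write_filtered_summary($file, 'tcp.dstport==445',
        "$base-with-client-as-source.txt");
    write_filtered_summary($file, 'tcp.srcport==445',
        "$base-with-server-as-source.txt");
}

closedir $handle or warn "Cannot close current directory: $!";

# Run tshark over $pcap_file with the read filter $read_filter and write its
# standard output to $text_file.
#
# tshark is started with the list form of a pipe open, so Perl exec()s the
# binary directly and no shell parses the file name.  Failures are reported
# with warn and the script moves on to the next file; the original system()
# calls ignored failures silently.
sub write_filtered_summary {
    my ($pcap_file, $read_filter, $text_file) = @_;

    my $out;
    unless (open $out, '>', $text_file) {
        warn "Cannot write $text_file: $!";
        return;
    }

    my $in;
    unless (open $in, '-|', @tshark, '-r', $pcap_file, '-R', $read_filter) {
        warn "Cannot run $tshark[0]: $!";
        close $out;
        return;
    }

    while (my $line = <$in>) {
        print {$out} $line;
    }

    # close() on a pipe waits for the child; a non-zero exit makes it fail.
    close $in
        or warn "$tshark[0] failed on $pcap_file (wait status $CHILD_ERROR)\n";
    close $out or warn "Cannot close $text_file: $!";
    return;
}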