Add --overview and --no-print options to tcpdump
This PR adds the following command line options to tcpdump.
--overview: to print an overview of the contents of the capture
--no-print: to suppress printing of individual packets (useful with --overview)
The --overview option prints output that looks like the following. It can be used with either a live capture or a capture file (-r option).
OVERVIEW
--------
packets_captured: 331
bytes_captured: 132951
seconds: 7
hours: 0.00
SRC DST PACKETS BYTES
192.168.1.73 239.255.133.141 7 1101
192.168.1.74 239.255.133.141 69 8665
192.168.1.112 34.107.221.82 1 66
192.168.1.71 239.255.133.141 9 774
34.107.221.82 192.168.1.112 1 66
192.168.1.75 239.255.133.141 13 1615
192.168.1.112 34.160.144.191 2 178
34.160.144.191 192.168.1.112 2 178
63.254.192.168 1.122.0.0 6 360
192.168.1.142 224.0.0.251 2 140
192.168.1.116 224.0.0.251 8 712
192.168.1.112 192.168.100.1 2 200
192.168.1.76 239.255.133.141 8 688
192.168.1.108 224.0.0.251 9 843
192.168.100.1 192.168.1.112 2 261
192.168.1.110 224.0.0.251 8 712
192.168.1.71 239.255.255.250 9 3309
192.168.1.76 239.255.255.250 9 3309
192.168.1.70 239.255.133.141 5 430
1.0.3.0 12.244.31.84 1 60
192.168.1.72 239.255.133.141 6 1022
78.11.192.168 1.73.255.255 1 60
192.168.1.75 239.255.255.250 9 3309
192.168.1.122 255.255.255.255 2 120
192.168.1.104 224.0.0.251 7 535
0.0.0.0 255.157.127.146 1 151
192.168.1.71 224.0.0.251 1 80
192.168.1.100 224.0.0.251 1 394
192.168.1.74 224.0.0.251 1 80
192.168.1.124 224.0.0.251 1 394
192.168.1.119 224.0.0.251 1 402
192.168.1.75 224.0.0.251 1 80
192.168.1.76 224.0.0.251 1 80
192.168.1.73 224.0.0.251 1 80
192.168.1.70 224.0.0.251 1 80
192.168.1.16 192.168.1.255 3 189
32.0.0.0 0.128.0.164 3 357
192.168.1.72 224.0.0.251 1 80
192.168.1.71 224.0.0.147 1 236
192.168.1.112 72.21.91.29 5 330
72.21.91.29 192.168.1.112 5 330
192.168.1.76 224.0.0.147 1 236
192.168.1.74 224.0.0.147 1 236
192.168.1.112 104.76.214.179 1 66
192.168.1.112 23.34.242.11 1 66
192.168.1.112 18.67.79.46 1 66
192.168.1.73 224.0.0.147 1 235
104.76.214.179 192.168.1.112 1 66
23.34.242.11 192.168.1.112 1 66
18.67.79.46 192.168.1.112 1 66
192.168.1.75 224.0.0.147 1 236
192.168.1.112 75.75.77.2 8 1173
192.168.1.112 208.80.154.224 27 2415
75.75.77.2 192.168.1.112 9 1121
208.80.154.224 192.168.1.112 24 90030
192.168.1.112 142.251.163.94 1 66
142.251.163.94 192.168.1.112 1 66
192.168.1.16 239.255.255.250 1 143
192.168.1.70 224.0.0.147 1 236
192.168.1.70 239.255.255.250 9 3309
192.168.1.72 224.0.0.147 1 235
1.0.3.0 55.47.89.35 1 60
192.168.1.112 104.18.32.68 5 270
104.18.32.68 192.168.1.112 5 300
192.168.1.112 172.253.115.94 1 66
172.253.115.94 192.168.1.112 1 66
Thank you for preparing these changes. Please note that this prototype has a few significant issues. To an extent this is caused by trying to retrofit a detailed statistics feature into a code base that is not designed to produce such output. This would be much better done in a separate program that takes a pcap savefile as an input.
In particular, please have a look at ipsumdump, which either already implements this type of statistics, or might be much easier to extend for that than tcpdump.
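A stand-alone savefile summarizer of the kind suggested above, as an added example that is not code from this PR, tcpdump or ipsumdump: it reads a classic pcap file and tallies packets and bytes per source/destination pair, checking the EtherType before reading addresses so that non-IPv4 frames such as ARP are not reported as address pairs. The function names, the constructed sample capture and the choice to count captured length as "bytes" are assumptions of this example.

```python
import io, socket, struct

def overview(stream):
    """Return (packets, bytes, {(src, dst): [packets, bytes]}) for a classic pcap stream."""
    hdr = stream.read(24)
    if len(hdr) < 24:
        raise ValueError("truncated pcap global header")
    # The magic number gives the byte order (microsecond or nanosecond variant).
    if hdr[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        order = "<"
    elif hdr[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        order = ">"
    else:
        raise ValueError("not a classic pcap savefile")
    if struct.unpack(order + "I", hdr[20:24])[0] != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("this example handles only Ethernet captures")
    packets, nbytes, pairs = 0, 0, {}
    while len(rec := stream.read(16)) == 16:
        _, _, caplen, _ = struct.unpack(order + "4I", rec)
        frame = stream.read(caplen)
        if len(frame) < caplen:
            break  # truncated final record: stop rather than count garbage
        packets += 1
        nbytes += caplen  # assumption: "bytes" means captured length
        # Read addresses only from real IPv4: EtherType 0x0800, version 4, full header.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        key = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))
        entry = pairs.setdefault(key, [0, 0])
        entry[0] += 1
        entry[1] += caplen
    return packets, nbytes, pairs

def sample_pcap():
    """Constructed capture (not real traffic): three IPv4 frames and one ARP request."""
    # The ARP frame, if read at IPv4 offsets, would yield 63.254.192.168 -> 1.122.0.0.
    eth = lambda etype, payload: b"\x02" * 12 + struct.pack("!H", etype) + payload
    ip = lambda s, d, body: eth(0x0800, struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, 17, 0,
        socket.inet_aton(s), socket.inet_aton(d)) + body)
    arp = eth(0x0806, struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
        bytes.fromhex("020000003ffe"), socket.inet_aton("192.168.1.122"),
        bytes(6), socket.inet_aton("192.168.1.1")))
    frames = [ip("192.168.1.112", "192.168.100.1", b"q" * 10)] * 2 + [
        ip("192.168.100.1", "192.168.1.112", b"r" * 30), arp]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<4I", 0, 0, len(f), len(f)) + f
    return io.BytesIO(out)
```

Calling `overview(open(path, "rb"))` on a savefile written with `tcpdump -w` returns the same three values; pcapng files are rejected by the magic-number check.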
Hi @infrastation, thank you for looking at this PR and for your feedback. I am currently evaluating ipsumdump to see if it meets our needs and if not, if we could extend it instead. Thank you for your suggestion.