Friday, January 02, 2004

Ipsumdump Summarizes Network Traffic

I came across Ipsumdump today. It's a program that reads traffic and summarizes each packet on one line in a user-defined format. In the example below I watch the sf1 interface in real time and tell Ipsumdump to show a timestamp, source IP and port, and destination IP and port. Ipsumdump works against multiple interfaces simultaneously as well as pcap files and NetFlow traces. In the example below the first two packets are an ICMP echo and echo reply (no ports, hence the "-" placeholders), followed by the beginning of an SSH session on port 22.

bourque# ipsumdump -tsSdD -i sf1
warning: sf1: no IPv4 address assigned
!IPSummaryDump 1.1
!creator "ipsumdump -tsSdD -i sf1"
!runtime 1073092478.545313 (Fri Jan 2 20:14:38 2004)
!data timestamp ip_src sport ip_dst dport
1073092486.925087 - -
1073092486.925253 - -
1073092529.535523 23924 22
1073092529.535689 22 23924
1073092529.543094 23924 22
1073092529.545758 22 23924
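As an added example (not code from the original post or from the Ipsumdump project), here is a small Python parser for the IPSummaryDump text format shown above: it reads the "!" header lines, takes the column names from the "!data" line, maps "-" to None, and then groups the records into flows so the ping exchange and the SSH session each show up as one entry. The sample dump is the one from the post with the ip_src and ip_dst columns filled in using constructed RFC 5737 placeholder addresses (192.0.2.x); the original host addresses are not on the page. The "warning: sf1: no IPv4 address assigned" line is stderr output from ipsumdump, not part of the dump, and is left out of the sample.

```python
"""Parse the IPSummaryDump text format written by ipsumdump (example parser)."""
from collections import Counter

# Constructed sample dump: the post's output with placeholder (RFC 5737)
# addresses standing in for the ip_src / ip_dst columns.
SAMPLE = """\
!IPSummaryDump 1.1
!creator "ipsumdump -tsSdD -i sf1"
!runtime 1073092478.545313 (Fri Jan 2 20:14:38 2004)
!data timestamp ip_src sport ip_dst dport
1073092486.925087 192.0.2.10 - 192.0.2.20 -
1073092486.925253 192.0.2.20 - 192.0.2.10 -
1073092529.535523 192.0.2.10 23924 192.0.2.20 22
1073092529.535689 192.0.2.20 22 192.0.2.10 23924
1073092529.543094 192.0.2.10 23924 192.0.2.20 22
1073092529.545758 192.0.2.20 22 192.0.2.10 23924
"""


def _convert(field, value):
    """Turn one whitespace-separated token into a Python value.
    '-' marks a field that does not apply (e.g. ports on ICMP)."""
    if value == "-":
        return None
    if field == "timestamp":
        return float(value)
    if value.isdigit():
        return int(value)
    return value


def parse_ipsumdump(text):
    """Return (metadata dict, list of record dicts).

    Header lines start with '!'; '!data' names the columns, every other
    header line is kept as metadata keyed by its first word."""
    meta, fields, records = {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("!"):
            key, _, value = line[1:].partition(" ")
            if key == "data":
                fields = value.split()
            else:
                meta[key] = value
            continue
        if fields is None:
            raise ValueError("record before !data header: %r" % line)
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("expected %d fields, got %d: %r"
                             % (len(fields), len(values), line))
        records.append({f: _convert(f, v) for f, v in zip(fields, values)})
    return meta, records


def packets_per_direction(records):
    """Count packets per (ip_src, sport, ip_dst, dport); ports are None for ICMP."""
    counts = Counter()
    for r in records:
        counts[(r["ip_src"], r["sport"], r["ip_dst"], r["dport"])] += 1
    return counts


def canonical_flow(r):
    """Direction-independent key so both halves of a conversation merge.
    Endpoints are sorted by (address, port); None ports sort first."""
    ends = [(r["ip_src"], r["sport"]), (r["ip_dst"], r["dport"])]
    ends.sort(key=lambda e: (e[0], -1 if e[1] is None else e[1]))
    return tuple(ends)


def packets_per_flow(records):
    """Count packets per bidirectional flow (the SSH session becomes one entry)."""
    counts = Counter()
    for r in records:
        counts[canonical_flow(r)] += 1
    return counts


def runtime_epoch(meta):
    """Extract the capture start time (seconds since the epoch) from '!runtime'."""
    return float(meta["runtime"].split()[0])


if __name__ == "__main__":
    meta, recs = parse_ipsumdump(SAMPLE)
    print("creator:", meta["creator"], "started at", runtime_epoch(meta))
    for flow, n in packets_per_flow(recs).items():
        print("%-36s %d packets" % (flow, n))
```

The same parser reads a dump saved from a pcap file (`ipsumdump -r file.pcap ...`), since only the "!data" line decides which columns appear; requesting more fields on the command line just adds columns, and the record dicts pick up the new keys without code changes.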

