Tuesday, February 10, 2009

a free alternative to wireshark's pilot

So I have been put in charge of using the Wireshark program called Pilot in order to mimic the results of a network test that we did. But alas! Pilot wasn't working for me, and while waiting for tech support to get back to me, I figured I would take matters into my own hands and come up with a freeware alternative.

I am using the tcptrace program to read the capture files from Wireshark, and Ploticus to pipe the data to a graph. tcptrace can create graphs, but not of TCP ports/percentages. So I'm in the process of whipping up a bash/awk script that takes the output from tcptrace's port information dump, cleans it up and drops it into a file that Ploticus can read, in megabytes.

The really quick and dirty way to get the top 10 TCP port usage in bytes is as follows:

tcptrace -xtraffic <.cap file>
# this writes a file called traffic_byport.dat

sort -nr -k 4 traffic_byport.dat | awk 'NR==2,NR==11' > TCPtop10
# this numerically reverse-sorts on column 4 of traffic_byport.dat (the bytes column),
# then prints lines 2-11 (line 1 holds title data, which the script does not need);
# after the awk step, TCPtop10 holds the top 10 TCP ports by bytes.

I have also spat out a very rough and dirty way to transform the bytes to megabytes with two decimal places in order to graph the data properly. But I'm going to look into a better way to merge columns in awk before I post anything.
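The whole pipeline carried through to the megabyte conversion, as an added example rather than the author's script: it assumes the layout the post describes (a title line, then one row per port with the byte count in column 4), assumes 1048576 bytes per megabyte, and runs on a constructed sample instead of real tcptrace output.

```shell
#!/bin/sh
# Constructed sample in the shape the post describes: title line first,
# then one row per port with the byte count in column 4 (assumed layout,
# not real tcptrace output).
SAMPLE_DAT='port  pkts  conns  bytes
80     1200   40   95312000
443    900    30   61432100
22     300    5    4100200
25     120    10   2200500
53     2000   400  1800090
110    40     2    900000
143    60     3    850000
993    20     1    400000
8080   15     1    120000
3306   9      1    90000
21     4      1    30000
23     2      1    1024'

# top_ports_mb FILE [N]: drop the title line, numeric reverse-sort on
# column 4 (bytes), keep the top N rows, and print "port<TAB>MB" with two
# decimals so Ploticus can read it directly. Dropping the title line
# before sorting keeps it from landing in the middle of the sorted data.
top_ports_mb() {
    file=$1
    n=${2:-10}
    awk 'NR > 1' "$file" | sort -nr -k 4 | head -n "$n" |
        awk '{ printf "%s\t%.2f\n", $1, $4 / 1048576 }'
}

# Stand-alone run: write the sample to a temp file and show the result.
# The top row comes out as "80	90.90".
if [ -z "$NO_DEMO" ]; then
    demo=$(mktemp)
    printf '%s\n' "$SAMPLE_DAT" > "$demo"
    top_ports_mb "$demo" 10
    rm -f "$demo"
fi
```

Point the function at traffic_byport.dat instead of the sample file, and redirect its output to the data file named in your Ploticus script.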

1 comment:

  1. Hi Techie. Another free alternative to Pilot is WildPackets Compass.
