[Coral-dev] Combining destination IPs with destination Ports
Faisal Khan
khan7 at llnl.gov
Fri Jul 16 13:36:50 PDT 2010
Hi,
I am having this problem and was hoping someone can point me in the
right direction. Basically, I want to list destination IPs that have
highest number of ports accessed in a trace. I initially thought
something like this might work, which is exactly what I need
crl_flow -I -b file.pcap | t2_convert -b -F dst_IP_dst_Port_Table |
t2_top -Sf -n10 > out.txt
but it turns out the Key 'dst_IP_dst_Port_Table' is not implemented.
I then used
crl_flow -I -b file.pcap | t2_convert -b dst_IP_Proto_dst_Port_Table |
t2_convert -F dst_IP_Table | t2_top -Sf -n10 > out.txt
which could have approximated what I wanted but it turns out the table
spitted by first t2_convert is incompatible with what the second
t2_convert requires.
I was wondering if any of you know of any way to achieve what I am want
to do?
Thanks
Faisal
More information about the Coral-dev
mailing list