
How to parse sniffer results on the fly in Linux?

http://stackoverflow.com – I want to sort and calculate how much clients downloaded files (3 types) from my server. I installed tshark and ran the following command, which should capture GET requests:

`./tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET"'`

The sniffer starts to work and every second I get a new row. Here is the result:

```
0.000000 144.137.136.253 -> 192.168.4.7 HTTP GET /pids/QE13_593706_0.bin HTTP/1.1
8.330354 1.1.1.1 -> 2.2.2.2 HTTP GET /pids/QE13_302506_0.bin HTTP/1.1
17.231572 1.1.1.2 -> 2.2.2.2 HTTP GET /pid
```