learingperl01
MIS
Hello,
Wondering if someone could please help me/point me in the right direction. I am pretty new to PHP and some of the functions/ways to do things. Below is a copy of my script; here is what I am trying to do. I am trying to compare two elements (grouped) against all other records in a file. I want to only print elements which are not seen more than once based on the two elements ($time and $t_ip). What I want to accomplish is, if the script sees two of the same pairs more than once, then ignore all others and only print it once. For example:
Record 1 $time = 22:00:11 $t_ip = 1.1.1.1:221
Record 2 $time = 22:03:34 $t_ip = 1.1.1.1:221
Record 3 $time = 22:00:11 $t_ip = 1.1.1.1:221
Echo should only show record 1 and record 2, since record 3 is a dup it should be ignored.
Let me know if you guys have any questions.
Thanks for the help in advance
Code:
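<?php
// Read the capture file named on the command line with tcpdump.
// escapeshellarg() keeps a file name with spaces or shell metacharacters from breaking the command.
$cmd = "tcpdump -nnttttr " . escapeshellarg($argv[1]);
echo $cmd, "\n";
exec($cmd, $result);
# Extract Required fields/elements
foreach ($result as $single_line) {
    $single_line = trim($single_line);
    $row = explode(" ", $single_line);
    if (count($row) < 6) {
        continue; // skip lines that do not have the expected fields
    }
    $stime = $row[1];               // e.g. 13:19:22.581437
    $t_ip = $row[5];                // e.g. 10.10.10.1.445:
    $time = explode(".", $stime);   // $time[0] is the time without microseconds
    $tip = explode(".", $t_ip);
    $tport = explode(".", $t_ip);
    echo $time[0], " "; echo $t_ip, "\n";
}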
The records/output that is being read in from the tcpdump file look as shown below. What I am trying to do is work specifically with the fields that contain time (13:19:22) and destination IP (10.10.10.1.445). What I want to do is only echo unique/distinct pairs and ignore duplicates based on those two fields. I am sure that I'm going about this the harder way and there is probably an easier way to do this, which is why I am posting to the forum.
Records from the command (exec) being run
2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.10.1.445: S 142591505:142591505(0) win 64512 <mss 1460,nop,nop,sackOK>
2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.20.1.245: S 14259343505:1434591505(0) win 64512 <mss 1460,nop,nop,sackOK>
2008-06-06 13:19:22.581437 IP 192.168.1.2.3945 > 10.10.10.1.445: S 142591505:142591505(0) win 64512 <mss 1460,nop,nop,sackOK>
The print should only display two records based on
Final Output
2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.10.1.445: S 142591505:142591505(0) win 64512 <mss 1460,nop,nop,sackOK>
2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.20.1.245: S 14259343505:1434591505(0) win 64512 <mss 1460,nop,nop,sackOK>
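One way to do the de-duplication asked about above, as an added example that is not part of the original post: each record is keyed on the time (microseconds dropped) plus the destination address.port field, and only the first line seen for each key is kept. The function name `unique_by_time_and_dest` is an assumption for illustration, and the sample lines are the three records copied from the post.

```php
<?php
// Added example, not the original poster's code.
// Keep the first tcpdump line for each (time, destination ip.port) pair.

function unique_by_time_and_dest(array $lines): array
{
    $seen = [];   // "time|dest" => true for every pair already emitted
    $kept = [];
    foreach ($lines as $line) {
        // tcpdump -nntttt layout: date time IP src > dst: rest
        $row = preg_split('/\s+/', trim($line));
        if (count($row) < 6 || $row[4] !== '>') {
            continue;   // not a line in the expected layout
        }
        $time = explode('.', $row[1])[0];   // 13:19:22.581437 -> 13:19:22
        $dest = rtrim($row[5], ':');        // 10.10.10.1.445: -> 10.10.10.1.445
        $key  = $time . '|' . $dest;
        if (isset($seen[$key])) {
            continue;   // this pair was already printed, ignore the duplicate
        }
        $seen[$key] = true;
        $kept[] = $line;
    }
    return $kept;
}

// Sample input: the three records shown in the post.
$sample = [
    '2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.10.1.445: S 142591505:142591505(0) win 64512 <mss 1460,nop,nop,sackOK>',
    '2008-06-06 13:19:22.581437 IP 192.168.1.1.4985 > 10.10.20.1.245: S 14259343505:1434591505(0) win 64512 <mss 1460,nop,nop,sackOK>',
    '2008-06-06 13:19:22.581437 IP 192.168.1.2.3945 > 10.10.10.1.445: S 142591505:142591505(0) win 64512 <mss 1460,nop,nop,sackOK>',
];

foreach (unique_by_time_and_dest($sample) as $line) {
    echo $line, "\n";
}
```

In the script from the post, the `$result` array filled by `exec()` would be passed in place of `$sample`.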