Average of tcpdump every k seconds/ms

Time: 2016-05-10 22:11:31

Tags: linux bash shell awk tcpdump

I have a small problem and hope you can help me. We take the following input file (generated with tcpdump):

00:20:30.812373 52
00:20:30.833678 52
00:20:30.971499 52
00:20:30.993451 52
00:20:31.067043 634
00:20:31.067075 98
00:20:31.068532 31
00:20:31.068532 59
00:20:31.068547 31
00:20:31.068547 59
00:20:31.184758 417
00:20:31.184758 445
00:20:31.184807 205
00:20:31.184807 233
00:20:31.184907 417
00:20:31.184907 445
00:20:31.184945 205
00:20:31.184945 233
00:20:31.188924 52
00:20:31.305726 60
00:20:31.479941 52
00:20:31.491047 1500
00:20:31.491100 652
00:20:31.491118 1500
00:20:31.491133 652
00:20:31.491147 1500
00:20:31.491164 1500
00:20:31.491181 1500
00:20:31.491968 1500
00:20:31.492013 399
00:20:31.492222 399
00:20:31.624795 298
00:20:31.624828 150
00:20:31.634180 798
00:20:31.749103 52
00:20:31.777212 90
00:20:31.869180 212
00:20:31.872662 1500
00:20:31.879724 652
00:20:31.879789 1500
00:20:31.879836 652
00:20:31.879853 186
00:20:31.879867 1500
00:20:31.879882 652
00:20:31.879897 1500
00:20:31.881002 1500
00:20:31.881043 748
00:20:31.883412 1462
00:20:31.883451 1500
00:20:31.885246 652
00:20:31.888708 671
00:20:31.888747 1462
00:20:31.888763 1462
00:20:31.888776 1500
00:20:31.888788 652
00:20:31.954071 1500
00:20:31.954135 1500
00:20:32.010601 1500
00:20:32.010662 1500
00:20:32.015464 1500
00:20:32.015504 1500
00:20:32.025184 1500
00:20:32.025220 757
00:20:32.037594 33
00:20:32.037594 61
00:20:32.037612 33
00:20:32.037612 61
00:20:32.141523 1462
00:20:32.141574 1462
00:20:32.142381 1500
00:20:32.146000 652
00:20:32.146035 824

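I have to use awk (or something else in bash) to compute avg_time and avg_size, calculating the average for every k (k can be a second, a minute, 30 seconds, 10 ms, a fraction of a second). The result file will contain a line with the average for every k.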

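I cannot skip any time: even if k = 30 seconds and there are no lines, I have to show that line in the result file, with avg_time and 0 for avg_size. The result will be plotted.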

How can I do this? Thank you very much. :)

1 answer:

Answer 0 (score: 0)

You can do something like this with awk:

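    awk -F"[:. ]" -v k=1 -v d=1000000 '
    {
        # $1=HH $2=MM $3=SS $4=microseconds $5=size; mktime is a gawk function
        timea = $1":"$2":"$3"."$4
        time = mktime("2000 00 00 "$1" "$2" "$3) "" $4
    }
    NR==1 { starta = timea; start = time; a[avg] = $5; b = 1 }
    # inside the current window (this rule also matches line 1, so that row is added twice)
    start > (time-(d*k)) { a[avg] += $5; b++; enda = timea }
    # window elapsed: print its average and start a new window at this line
    start <= (time-(d*k)) { print starta"-"enda, a[avg]/b; starta = timea; start = time; b = 1; a[avg] = $5 }
    END { print starta"-"timea, a[avg]/b }' file

This uses mktime to convert the time to epoch time and appends $4 to it. Here, since the time is in microseconds, to get the average per second the value of k is 1 and d is 1000000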

One minute: 10^6 k=1 d=100000

30 seconds: 10^4 k=30 d=1000000) or 10^6 k=3 d=1000000

10 ms: 10^5 k=10 d=1000000) etc...

For the input you provided, the O/P would be (average over 1 minute):

10^4

O/P format:

    00:20:30.812373-00:20:31.777212 443.946
    00:20:31.869180-00:20:32.146035 1036.33
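Added example (not part of the original answer): fixed-width windows counted from the first packet, printing a zero-average row for every empty window, which is the requirement stated in the question. The names `bucket_avg` and `sample`, the output columns and the sample lines are assumptions made for this illustration; the window width is passed in microseconds and only POSIX awk is used.

```shell
#!/bin/sh
# Added example; bucket_avg and sample are hypothetical names.
# bucket_avg WIDTH_US reads "HH:MM:SS.ffffff SIZE" lines on stdin and prints
# "<window start> <average size> <packet count>" for every window, empty or not.
# WIDTH_US is in microseconds: 10 ms = 10000, 30 s = 30000000, 1 min = 60000000.
bucket_avg() {
    awk -v w="$1" '
    BEGIN { if (w <= 0) { print "width must be > 0" > "/dev/stderr"; exit 1 } }
    function us(ts,    p) {      # timestamp -> microseconds since midnight
        split(ts, p, "[:.]")
        return ((p[1] * 60 + p[2]) * 60 + p[3]) * 1000000 + substr(p[4] "000000", 1, 6)
    }
    function fmt(t,    s) {      # microseconds -> HH:MM:SS.ffffff
        s = int(t / 1000000) % 86400
        return sprintf("%02d:%02d:%02d.%06d", int(s / 3600), int(s / 60) % 60, s % 60, t % 1000000)
    }
    function emit() {            # print the current window, then advance it
        printf "%s %.2f %d\n", fmt(start), (n ? sum / n : 0), n
        start += w; sum = 0; n = 0
    }
    NF < 2 { next }              # skip blank or malformed lines
    {
        t = us($1) + day
        # these timestamps carry no date: a backwards jump means midnight passed
        if (seen && t < last) { day += 86400000000; t += 86400000000 }
        if (!seen) { start = t; seen = 1 }
        last = t
        while (t >= start + w) emit()   # also prints the empty windows in a gap
        sum += $2; n++
    }
    END { if (seen) emit() }'
}

# Constructed sample input with a two-second gap.
sample() {
    printf '%s\n' '00:00:00.100000 100' '00:00:00.900000 300' '00:00:03.200000 50'
}

sample | bucket_avg 1000000
```

Unlike the answer's command, which starts each new window at the first packet after the previous one expired, the windows here stay aligned to the first timestamp, so the rows are evenly spaced for plotting.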