number of connections to the same port in 100 connections

Salman_Tara · June 30, 2016, 5:30pm

Hi everyone,
I am trying to find the number of connections having the same source ip and destination port in the last 100 connection using bro commands
I managed to get the number in all connections using:
bro-cut id.orig_h id.orgi_p < conn.log | sort| uniq -c| sort -rn

which is working fine but i need to modify this to include only the last 100 connections in the log file. is there a way to do that ?

thanks in advance

Azoff_Justin_S · June 30, 2016, 6:03pm

Give this a try:

(head -n 8 conn.log ;tail -n 100 conn.log ) | bro-cut id.orig_h id.orig_p | sort| uniq -c| sort -rn

you need the first 8 lines for the header so bro-cut works.

Topic		Replies	Views
Question on cutting down on number of conn.log entries Zeek	4	63	May 6, 2022
thank you and what does this mena? Zeek	2	73	May 6, 2022
Different Connection UID when using different modus Zeek	2	66	May 6, 2022
Connection summary question Zeek	1	50	May 6, 2022
Traffic Volume Calculation Using Bro's Connection, Log Zeek	2	56	May 6, 2022

number of connections to the same port in 100 connections

Related Topics