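#!/usr/bin/perl
# Generates network statistics from a packet capture.
# The input file must be in tcpdump (pcap) format. If it was produced by
# another sniffer (for example snoop), run editcap (shipped with ethereal)
# on the file first.
#
# The capture file is untrusted input: every header field used below comes
# from packets that whoever was on the wire could craft. The script therefore
# checks the frame type and header length before decoding, and guards the
# arithmetic in the report against empty or zero-duration captures.
#
# NOTE(review): every frame is decoded as Ethernet, so a capture taken on a
# different link type (raw IP, Linux cooked, ...) will be misparsed - confirm
# the link type of the input before trusting the numbers.
use strict;
use warnings;

use Net::Pcap;
use NetPacket::IP qw(:ALL);
use NetPacket::Ethernet qw(:strip);
use NetPacket::TCP qw(:ALL);
use NetPacket::UDP qw(:ALL);
use NetPacket::ICMP qw(:ALL);
use FileHandle;

STDOUT->autoflush(1);

my $err;
my %pkt_hash  = ();    # flow description => number of packets seen
my $totalpkt  = 0;
my $totaludp  = 0;
my $totaltcp  = 0;
my $totalicmp = 0;
my $totallen  = 0;     # sum of the on-wire lengths from the pcap headers
my $startime;          # tv_sec of the first packet; undef until one is seen
my $endtime   = 0;     # tv_sec of the most recent packet

if ( @ARGV != 1 ) {
    print "NETWORK STAT - Victor Pereira ";
    print $0 . " \n";
    exit 1;
}

my $pcap_t = Net::Pcap::open_offline( $ARGV[0], \$err );
$pcap_t || die "Can't open $ARGV[0]: $err\n";

# A count of -1 processes every packet in the file. A return of -1 means the
# read stopped on an error (e.g. a truncated file), so the totals are partial.
my $loop_rc = Net::Pcap::loop( $pcap_t, -1, \&process_pkt, 0 );
if ( $loop_rc == -1 ) {
    warn "Error while reading $ARGV[0]: "
      . Net::Pcap::geterr($pcap_t)
      . " (statistics cover only the packets read so far)\n";
}
Net::Pcap::close($pcap_t);

# Rank flows by packet count, highest first. Comparing the counts numerically
# avoids the fixed-width zero padding breaking down once a counter needs more
# than eight digits; ties fall back to reverse key order, as before.
my @ranked =
  sort { $pkt_hash{$b} <=> $pkt_hash{$a} or $b cmp $a } keys %pkt_hash;

print "NETWORK STAT - Victor Pereira \n";
print "-=[ TOP 10 ]=-----------------------------------------\n";
my $last_shown = @ranked < 10 ? $#ranked : 9;
for my $flow ( @ranked[ 0 .. $last_shown ] ) {

    # The flow text is passed as an argument, never as the format string.
    printf "%08d %s\n", $pkt_hash{$flow}, uc $flow;
}

print "-=[ STATISTIC ]=---------------------------------------\n";
printf( "TCP [%lu]\t %d%%\n",  $totaltcp,  _percent( $totaltcp,  $totalpkt ) );
printf( "UDP [%lu]\t %d%%\n",  $totaludp,  _percent( $totaludp,  $totalpkt ) );
printf( "ICMP[%lu]\t %d%%\n", $totalicmp, _percent( $totalicmp, $totalpkt ) );
my $total_other = $totalpkt - $totaltcp - $totaludp - $totalicmp;
printf( "OUTROS [%lu]\t %d%%\n", $total_other,
    _percent( $total_other, $totalpkt ) );

# Timestamps are only read at one-second resolution, and a crafted or merged
# capture can carry them out of order. Treat anything shorter than a second
# (including an empty capture) as one second so the division is always defined.
my $duration = defined $startime ? $endtime - $startime : 0;
$duration = 1 if $duration < 1;
my $tput = $totallen / $duration;
printf( "Throughput: %lu bytes/s\n", $tput );

# Returns $part as a percentage of $total, or 0 when $total is zero (a capture
# with no packets would otherwise die with a division by zero).
sub _percent {
    my ( $part, $total ) = @_;
    return 0 if !$total;
    return ( 100 * $part ) / $total;
}

# Returns $value, or '?' when the decoder could not fill the field in (the
# packet was cut short by the snap length or is malformed).
sub _known {
    my ($value) = @_;
    return defined $value ? $value : '?';
}

# Net::Pcap::loop callback, invoked once per captured packet.
#   $user - the user-data argument given to loop() (unused)
#   $hdr  - pcap header hash; len and tv_sec are read here
#   $pkt  - raw frame bytes
# Updates the file-level counters and %pkt_hash; returns nothing.
sub process_pkt {
    my ( $user, $hdr, $pkt ) = @_;

    $totalpkt++;
    $totallen += $hdr->{len};

    # Remember the timestamp of the first packet.
    $startime = $hdr->{tv_sec} if !defined $startime;
    $endtime = $hdr->{tv_sec};

    # Only decode as IPv4 when the frame says it is IPv4 and there is room
    # for a minimal 20-byte header. ARP, IPv6 and runt frames used to be
    # pushed through the IPv4 decoder, which produced bogus flows.
    my $eth      = NetPacket::Ethernet->decode($pkt);
    my $ip_bytes = $eth->{data};
    if (   !defined $eth->{type}
        || $eth->{type} != NetPacket::Ethernet::ETH_TYPE_IP()
        || !defined $ip_bytes
        || length($ip_bytes) < 20 )
    {
        my $eth_type =
          defined $eth->{type}
          ? sprintf( '%04X', $eth->{type} )
          : '?';
        $pkt_hash{"[NON-IP]ETHERTYPE=$eth_type"}++;
        return;
    }

    my $ip_obj = NetPacket::IP->decode($ip_bytes);
    my $src    = _known( $ip_obj->{src_ip} );
    my $dst    = _known( $ip_obj->{dest_ip} );
    my $proto  = $ip_obj->{proto};

    # NOTE(review): non-first IP fragments carry no transport header, so the
    # ports decoded from them are not meaningful - consider bucketing them
    # separately if fragmented traffic matters for the report.
    if ( $proto == IP_PROTO_TCP ) {
        my $tcp_obj = NetPacket::TCP->decode( $ip_obj->{data} );
        my $sport   = _known( $tcp_obj->{src_port} );
        my $dport   = _known( $tcp_obj->{dest_port} );
        $pkt_hash{"[TCP]$src:$sport->$dst:$dport"}++;
        $totaltcp++;
    }
    elsif ( $proto == IP_PROTO_UDP ) {
        my $udp_obj = NetPacket::UDP->decode( $ip_obj->{data} );
        my $sport   = _known( $udp_obj->{src_port} );
        my $dport   = _known( $udp_obj->{dest_port} );
        $pkt_hash{"[UDP]$src:$sport->$dst:$dport"}++;
        $totaludp++;
    }
    elsif ( $proto == IP_PROTO_ICMP ) {
        my $icmp_obj  = NetPacket::ICMP->decode( $ip_obj->{data} );
        my $icmp_type = _known( $icmp_obj->{type} );
        $pkt_hash{"[ICMP]$src->$dst:$icmp_type"}++;
        $totalicmp++;
    }
    else {
        # The protocol number is attacker-chosen and may have no entry in the
        # local protocols database; fall back to the number itself.
        my $name = getprotobynumber($proto);
        $name = "IP-PROTO-$proto" if !defined $name;
        $pkt_hash{"[$name]$src->$dst"}++;
    }
    return;
}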