#! /usr/bin/awk -f
#
#<ABS># Print statistics about packets captured by tcpdump.
#
#<CPY># 2004 Manfred Wassmann
#<END>#
#
# pcapstats.awk,v 1.3 2004-09-19 19:19:00 manolo Exp
#

function indent(t,l){
  if(!l){l=ENVIRON[LINES]?ENVIRON[LINES]:80}
  return((l-t)/2);
}

BEGIN{
  printf"%*s *** Analysis *** \n",indent(5+8+5)," ";
  printf"Packet types:">"/dev/stderr";
	quad="(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[0-9][0-9]|[0-9])";
	ipv4="("quad"[.]"quad"[.]"quad"[.]"quad")";
	v6qd="([0-9a-f][0-9a-f]?[0-9a-f]?[0-9a-f]?)";
  ipv6="((("v6qd":)*("v6qd"))?:("v6qd")?:("v6qd"(:"v6qd")*)?)";
  fqdn="([a-zA-Z][-0-9a-zA-Z]*[0-9a-zA-Z]([.][a-zA-Z][-0-9a-zA-Z]*[0-9a-zA-Z])+)";
	fqhn="("fqdn"|"ipv4"|"ipv6")"
	serv="([a-z][0-9a-z]+)";
	if(D){
		printf"DEBUG: patterns:\n";
		print"  ipv4="ipv4;
		print"  ipv6="ipv6;
		print"  fqdn="fqdn;
		print"  fqhn="fqhn;
	}
}

/[0-2][0-9]:[0-6][0-9]:[0-6][0-9]\.[0-9]+ /{
  if($3==">"     && $4~fqhn"[.]"serv":"){
		match($4,"[^.]+:");$2=substr($4,RSTART,RLENGTH-1);}
  else if($3==">"&& $4~fqhn":"&&match($5,"^[a-z][^:]+")){
		$2=substr($5,1,RLENGTH);}
  else if($2~fqhn"[.]"serv){sub(".*[.]","",$2);}
	else if($2~ipv6){$2="IPv6";}
  else if(($2~fqdn"[.]([0-9]+)")||($3==">"&&$4~fqdn"[.]([0-9]+)")){$2="IP";}

  if($2!~"^([a-zA-Z][0-9a-zA-z]+|802.[0-9]+[0-9a-zA-Z]*)$"){$2="IP";}

  #if(!T[$2]){if(v){print$2": >>"$0"<<\n"}else{printf" %s",$2>"/dev/stderr"}};
  if(!T[$2]){if(v){print$2": »"$2"«»"$3"«»"$4"«»"$5"«»"$6"«\n"}else{printf" %s",$2>"/dev/stderr"}};
  T[$2]++}

END{
  printf"\n%*s ### Summary ### \n",indent(5+7+5)," ";
  for(t in T)printf"%*s%-16s %8d packets\n",indent(32)," ",t,T[t]|"sort"}