#!/bin/bash
################################################################################
#			trafficAnalyzer.sh
################################################################################
# This script reads in a pcap network capture to analyze traffic. It
# will output a table with columns representing a count of packets, a source
# MAC address and its IP address, and a destination MAC address and its IP
# address.
#
# Usage:
# 	trafficAnalyzer.sh capture.pcap
#
# Author: Tom Samstag http://modtwo.com
# Version: 0.1
# Date: 2010-02-01
#
# Copyright 2009 Tom Samstag, modtwo (at) modtwo (dot) com
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

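# Report a tshark failure (unreadable, truncated or malformed capture) through
# the script's exit status; without pipefail only the final sort's status is
# returned and a partial table looks like a complete one.
set -o pipefail

# Exactly one argument is expected: the capture file to analyze.
if [ $# -ne 1 ]
then
	echo "Usage: $0 pcapFile" >&2
	# Exit non-zero so a caller can tell a usage error from a successful run.
	exit 2
fi

# Emit one line per frame with source MAC, source IPv4, destination MAC and
# destination IPv4, then collapse identical lines into a count and order the
# table by ascending count.
#
# "$1" is quoted so a path containing spaces or glob characters reaches tshark
# as a single argument.
#
# Caveats when reading the table:
#   - ip.src/ip.dst are IPv4 fields; frames without an IPv4 header (ARP, IPv6,
#     ...) are counted with those columns empty.
#   - A frame carrying more than one IPv4 header (tunnels, ICMP errors quoting
#     the original packet) may list several comma-separated addresses in one
#     column, depending on tshark's field-occurrence setting.
#   - The capture is parsed by tshark's protocol dissectors; for captures from
#     an untrusted source, run this as an unprivileged user.
tshark -r "$1" -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq -c | sort -n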

