Overview

nstruct is a very simple ruby script for identifying who is talking to who and on what ports. It also provides packet size statistics.

Usage

nstruct [file] [filter expression]

Sample Run

bash-2.05a$ nstruct.rb 5124and4000.pcap 

Port Usage
---------
1029 ->5124 
1117 ->4000 
1118 ->4000 
1119 ->4000 
1120 ->4000 
1121 ->4000 
1122 ->4000 
4000 ->1117 1118 1119 1120 1121 1122 
5124 ->1029 


Host Links
---------
192.168.127.254 -> [  255.255.255.255  192.168.127.100  ]

sports: 1029 4000 
dports: 5124 1117 1118 1119 1120 1121 1122 


192.168.127.100 -> [  255.255.255.255  192.168.127.254  ]

sports: 5124 1117 1118 1119 1120 1121 1122 
dports: 1029 4000 


Size Stats
----------
909: 3  66: 6   906: 6  71: 6   62: 6   128: 17 72: 43  158: 43 64: 79  60: 82

bash-2.05a$
bash-2.05a$ nstruct.rb 5124and4000.pcap port 5124

Port Usage
---------
1029 ->5124 
5124 ->1029 


Host Links
---------
192.168.127.254 -> [  255.255.255.255  192.168.127.100  ]

sports: 1029 
dports: 5124 


192.168.127.100 -> [  255.255.255.255  192.168.127.254  ]

sports: 5124 
dports: 1029 


Size Stats
----------
66: 6   128: 17 60: 39  72: 43  158: 43