Overview
nstruct is a very simple ruby script for identifying who is talking to who and on what ports. It also provides packet size statistics.
Usage
nstruct [file] [filter expression]
Sample Run
bash-2.05a$ nstruct.rb 5124and4000.pcap
Port Usage
---------
1029 ->5124
1117 ->4000
1118 ->4000
1119 ->4000
1120 ->4000
1121 ->4000
1122 ->4000
4000 ->1117 1118 1119 1120 1121 1122
5124 ->1029
Host Links
---------
192.168.127.254 -> [ 255.255.255.255 192.168.127.100 ]
sports: 1029 4000
dports: 5124 1117 1118 1119 1120 1121 1122
192.168.127.100 -> [ 255.255.255.255 192.168.127.254 ]
sports: 5124 1117 1118 1119 1120 1121 1122
dports: 1029 4000
Size Stats
----------
909: 3 66: 6 906: 6 71: 6 62: 6 128: 17 72: 43 158: 43 64: 79 60: 82
bash-2.05a$
bash-2.05a$ nstruct.rb 5124and4000.pcap port 5124
Port Usage
---------
1029 ->5124
5124 ->1029
Host Links
---------
192.168.127.254 -> [ 255.255.255.255 192.168.127.100 ]
sports: 1029
dports: 5124
192.168.127.100 -> [ 255.255.255.255 192.168.127.254 ]
sports: 5124
dports: 1029
Size Stats
----------
66: 6 128: 17 60: 39 72: 43 158: 43