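#!/usr/bin/perl
# pcap.pl - sum the bytes of every TCP conversation found in a tcpdump/pcap
# capture and print the totals, first per direction and then per session.
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::TcpDumpLog;
use strict;
use warnings;

# Exactly one argument is required. The original test ($#ARGV gt 0) was a
# string comparison that only rejected two or more arguments, so running the
# script with no argument went on to read an undefined file name.
if (@ARGV != 1) {
    print STDERR "Usage: pcap.pl <capture-file>\n";
    exit 1;
}

my $capture_path = $ARGV[0];

# NOTE(review): the path is handed to Net::TcpDumpLog unchanged. Confirm how
# that module opens it; if it relies on two-argument open, a file name that
# carries mode or pipe characters is interpreted instead of opened literally.
die "pcap.pl: cannot read capture file '$capture_path'\n"
    unless -r $capture_path && !-d _;

my %sum;    # "src_ip:src_port <-> dst_ip:dst_port" => bytes seen in that direction

my $log = Net::TcpDumpLog->new();
$log->read($capture_path);

# Capture files are untrusted input: every field below comes straight from
# the packet, so a truncated or malformed frame is skipped instead of being
# compared or concatenated while undefined.
# NOTE(review): assumes an Ethernet link layer, and does not treat IP
# fragments specially (a non-first fragment carries no TCP header) - confirm
# that this is acceptable for the captures being analysed.
foreach my $index ($log->indexes) {
    my $data = $log->data($index);

    my $eth_obj = NetPacket::Ethernet->decode($data);
    next unless defined $eth_obj->{type}
        && $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;

    my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
    next unless defined $ip_obj->{proto}
        && $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

    my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
    next unless defined $tcp_obj->{src_port}
        && defined $tcp_obj->{dest_port};

    my $src     = join ':', $ip_obj->{src_ip},  $tcp_obj->{src_port};
    my $dst     = join ':', $ip_obj->{dest_ip}, $tcp_obj->{dest_port};
    my $keyName = "$src <-> $dst";

    # {len} is the total-length field of the IP header: it includes the IP
    # and TCP headers and is whatever the sender wrote, not the number of
    # bytes actually captured.
    $sum{$keyName} += $ip_obj->{len} || 0;
}

# Sort comparator: largest byte count first.
sub hashSort {
    return $sum{$b} <=> $sum{$a};
}

print "\tSession \t\t\t\t\tBytes Total\n";
print "======================================================\n";

foreach my $key (sort hashSort (keys(%sum))) {
    print "\t$key \t$sum{$key}\n";
}

####
#                                        Bytes Total
# ===================================================
# 10.11.11.11:445 <-> 22.22.22.22:47766  80000
# 22.22.22.22:47766 <-> 10.11.11.11:445  50000
####
# SESSION                                BYTES REC  BYTES SENT  TOTAL
# 10.11.11.11:445 <-> 22.22.22.22:47766  80000      30000       110000
####
# FIRST KEY:  10.11.11.11:445 <-> 22.22.22.22:47766 80000
# SECOND KEY: 22.22.22.22:47766 <-> 10.11.11.11:445 5000
####

# Merge the two directions of each conversation into one row, as in the
# SESSION / BYTES REC / BYTES SENT / TOTAL layout above.
#
# The reverse key is rebuilt from the two endpoints and looked up directly,
# which replaces the nested loop over every pair of keys (and the undeclared
# $keyx, $othcnt and trim() that would not compile under "use strict").
my $othcnt = 0;    # sessions for which traffic was seen in both directions
my %reported;      # keys already printed, so each session appears once

foreach my $key (sort hashSort (keys(%sum))) {
    next if $reported{$key};
    next unless $key =~ m{\A (\S+) [ ] <-> [ ] (\S+) \z}x;
    my $reverse_key = "$2 <-> $1";

    # A flow whose two endpoints are identical is its own reverse; do not
    # count its bytes twice.
    my $has_reverse = $reverse_key ne $key && exists $sum{$reverse_key};

    # One-way flows are kept with a reverse count of 0 rather than dropped,
    # so unanswered traffic stays visible in the report.
    my $forward_bytes = $sum{$key};
    my $reverse_bytes = $has_reverse ? $sum{$reverse_key} : 0;
    my $suma          = $forward_bytes + $reverse_bytes;

    $othcnt++ if $has_reverse;
    $reported{$key}         = 1;
    $reported{$reverse_key} = 1;

    print "$key \t $forward_bytes \t $reverse_bytes \t $suma \n";
}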