#!/usr/bin/perl
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::TcpDumpLog;
use strict;
use warnings;

if ($#ARGV gt 0 ) {
	print "Usage: pcap.pl <pcap.file>\n";
	exit;
}
my $key;
my $value;
my %sum;
my $log = Net::TcpDumpLog->new(); 
$log->read($ARGV[0]);
foreach my $index ($log->indexes) { 
  my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index); 
  my $data = $log->data($index);
  
  my $eth_obj = NetPacket::Ethernet->decode($data);    
  next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;

  my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
  next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

  my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
  my $keyName =  $ip_obj->{src_ip}.":".$tcp_obj->{src_port}." <-> ".$ip_obj->{dest_ip}.":".$tcp_obj->{dest_port};

    if ($sum{$keyName}) {
        $sum{$keyName} = $ip_obj->{len} + $sum{$keyName};
    } else {
	 $sum{$keyName} = $ip_obj->{len};
    }
}

sub hashSort {
   $sum{$b} <=> $sum{$a};
}

    print "\tSession \t\t\t\t\tBytes Total\n";
    print "======================================================\n";
foreach $key (sort hashSort (keys(%sum))) {
    print "\t$key \t$sum{$key}\n";
}