v15, i09: Listing 8 Database result

Article	Figure 1	Figure 2	Listing 1	Listing 2
Listing 3	Listing 4	Listing 5	Listing 6	Listing 7
Listing 8	sep2006.tar
Listing 8 Database result

# mysql -uroot -P3306
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 21 to server version: 4.1.11-Debian_4sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use netwacc
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from rawcpature;
+---------------------+------------+---------+------------+---------+------------+
| tstamp              | srcip      | srcport | dstip      | dstport | datalength |
+---------------------+------------+---------+------------+---------+------------+
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      0 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |      0 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |    450 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |      0 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1197 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |    420 |
| 2006-04-15 15:43:54 | 3232296705 |    1090 | 3232296832 |    80 |      0 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1090 |      0 |
| 2006-04-15 15:43:54 | 3232296705 |    1090 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |    644 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296705 |    1090 | 3232296832 |    80 |    432 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |    423 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1090 |      0 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1090 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1090 |     97 |
| 2006-04-15 15:43:54 | 3232296705 |    1090 | 3232296832 |    80 |      6 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |   1446 |
| 2006-04-15 15:43:54 | 3232296832 |      80 | 3232296705 |  1089 |    979 |
| 2006-04-15 15:43:54 | 3232296705 |    1089 | 3232296832 |    80 |      6 |
+---------------------+------------+---------+------------+-------+--------+
45 rows in set (0.00 sec)

mysql> select sum( datalength ) from rawcpature where srcport = '80' or \
  dstport = '80';
+-------------------+
| sum( datalength ) |
+-------------------+
|             27868 |
+-------------------+
1 row in set (0.00 sec)

mysql> select distinct dstip, sum( datalength ) from rawcpature group \
  by 1 order by 2 desc;
+------------+-------------------+
| dstip      | sum( datalength ) |
+------------+-------------------+
| 3232296705 |             26053 |
| 3232296832 |              1815 |
+------------+-------------------+
2 rows in set (0.01 sec)