#!/usr/bin/perl -w
#
# sumscanports
#
# Summarize scanned TCP ports from tethereal output.
# Gives an indication as to what ports were scanned by the
# attacker and the total unique scanned.
#
# Nick DeBaggis
#

use strict;

my %hash;
my @ports;
my @line;
my $count;

while(<>){
   chomp;
   @line = split;
   $hash{$line[8]}++;
}

@ports = sort {$a <=> $b} keys %hash;
$count = @ports;
undef %hash;

print "Ports Scanned\n";
print "-------------\n";
foreach(analyze()){
   print "$_\n";
}
print "-------------\n";
print "Total ports scanned: $count\n";

sub analyze {

   my @portstr;
   my $min = 0;
   my $max = 0;
   my $tstr;

   $tstr = $min = $ports[0];

   for(my $n = 1; $n < @ports; $n++){

      if(($ports[$n] - $ports[$n - 1]) > 1){
         $tstr = "$min";
         if($max){
            $tstr .= "-" . "$max";
         }
         push @portstr, $tstr;
         $min = $ports[$n];
         $max = 0;
         $tstr = ();
      }
      else{
         $max = $ports[$n];
      }
   }

   $tstr = "$min";
   if($max){
      $tstr .= "-" . "$max";
   }
   push @portstr, $tstr;
   return @portstr;
}