write a script to parse some tcpdump output


 
# 1  
Old 02-04-2009

I am trying to write a script to parse some tcpdump output. In each line of the tcpdump output, I know for sure that 3 keywords exist:

User{different usernamehere}

NAS_ipaddr{different ip here}

Calling_station{ip or dns name here}

But the positions of these 3 keywords in the line are somehow random; I cannot predict where a keyword will appear.

For example, it can be:

10:00 1.2.3.4 4.5.6.7 User{test} bla NAS_ipaddr{1.2.3.6} blaba Calling_station{2.2.2.2} blablalba
10:06 blabla NAS_ipaddr{2.2.3.6} blaba Calling_station{2.2.2.2} blablalba User{test} bla
10:08 User{test} NAS_ipaddr{2.2.3.6} blabla Calling_station{a.b.c.d}

You will notice there is no fixed format for each line, and between the keywords there may or may not be some other random words.

So is it possible to read all the content, extract only User{}, NAS_ipaddr{} and Calling_station{}, then rearrange the output, putting user first, nas_ipaddress second and calling_station third?
# 2  
Old 02-04-2009
You should show some effort to solve your problem.
Anyway you can start from here:
Code:
awk '{for(i=1;i<=NF;i++){if($i~"User"){a=$i}if($i~"NAS_ip"){b=$i}if($i~"Calling_station"){c=$i}}print a,b,c}' logfile

# 3  
Old 02-05-2009
Thanks a lot!

Never thought about it this way. Digging through more awk guides now.
# 4  
Old 02-05-2009
Sorry, while I am still looking at different awk articles, can someone tell me why my script does not work on this simple line?

16:19:34.898709 1.1.1.1 > 2.2.2.2.1645: rad-access-req 83 [id 94] Attr[ User{test} Pass NAS_port{66} NAS_port_type{Virtual} Calling_station{20.2.2.2}.2.2.2
} NAS_ipaddr{6.1.1.1} ]

And here is my script

Code:
awk '{
	for (i=1; i<=NF; i++) 
	
	if($i~/User/) { 
	a=$i 
	}

	if($i~/Calling_station/) { 
	b=$i 
        }

	{print a, b}
  }' test

I run the script but only get "User{test}" as a result. Why does the calling_station not show up in the result? Thanks!

Last edited by Franklin52; 02-05-2009 at 01:55 PM.. Reason: adding code tags
# 5  
Old 02-05-2009
You forgot to enclose the commands of the for loop within braces:

Code:
awk '{
  for (i=1; i<=NF; i++) {
    if($i~/User/) {
      a=$i
    }
    if($i~/Calling_station/) {
      b=$i
    }
  }
  {print a, b}
}' test

Regards
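
A variant of the loops above, as an added example that is not part of the original thread: it matches each `keyword{...}` token on the whole line instead of per field, and recomputes all three values for every line, so a line that lacks a keyword prints `{-}` rather than the value left over from the previous line. The sample lines are constructed from the formats quoted in the posts; the users `alice` and `bob` and the `{-}` marker are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed from the
# formats quoted in the posts; "alice", "bob" and the "{-}" marker are assumptions.

sample_lines() {
  cat <<'EOF'
10:00 1.2.3.4 4.5.6.7 User{test} bla NAS_ipaddr{1.2.3.6} blaba Calling_station{2.2.2.2} blablalba
10:06 blabla NAS_ipaddr{2.2.3.6} blaba Calling_station{2.2.2.2} blablalba User{test} bla
16:19:34.898709 1.1.1.1 > 2.2.2.2.1645: rad-access-req 83 [id 94] Attr[User{alice} Pass NAS_port{66} Calling_station{20.2.2.2} NAS_ipaddr{6.1.1.1}]
10:09 NAS_ipaddr{2.2.3.7} User{bob} no calling station on this line
EOF
}

# Reads tcpdump text on stdin; prints User, NAS_ipaddr, Calling_station per line.
extract_radius_fields() {
  awk '
  # Return the first key{...} token in the line, or key{-} when it is absent.
  # Matching on the whole line (not on $i) copes with tokens glued to "[" or "]",
  # and computing every value per line means nothing carries over from the
  # previous record.
  function field(line, key,    s) {
    s = " " line                      # guarantees a character before the key
    if (match(s, "[^A-Za-z0-9_]" key "[{][^}]*[}]"))
      return substr(s, RSTART + 1, RLENGTH - 1)
    return key "{-}"
  }
  { print field($0, "User"), field($0, "NAS_ipaddr"), field($0, "Calling_station") }
  '
}

sample_lines | extract_radius_fields
```

When the output feeds an audit or alerting pipeline, the explicit `{-}` keeps an incomplete record from being attributed to the calling station of an earlier request.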