Hi,

My first post to this group...

I have a need to to parse a source file which is a capture from a network analyser.

I have two fields that need to be checked:
- Field 7 represents the packet length (an integer), and
Field 4 represents a network address (e.g. 192.168.25.3)

- The first check is to find 2 consecutive lines that have the same integer in Field 7 i.e. the same length. Original file may not always have these lines consecutive though, but I am ok to ignore those lines if it is too difficult to include those.
- Then, once we have these two lines, check the text in Field 4 for these lines and inidicate the value within the text that is 'first' and increment a variable.

What I'm after is to understand how many times address A is first compared to address B.


My expected output from the sample below would be:

"239.25.30.25 is first once" and "239.25.30.26 is first twice.

Even an output like "239.25.30.25 - 1, 239.25.30.26 - 2" would be great.


Example source:


No. Time Source Destination Protocol Info Length
1 20:44:19.525910000 192.168.30.25 239.25.30.25 UDP Source port: dnp Destination port: 20000 94
2 20:44:19.525932000 192.168.30.26 239.25.30.26 UDP Source port: dnp Destination port: 20000 94
3 20:44:19.525989000 192.168.30.26 239.25.30.26 UDP Source port: dnp Destination port: 20000 114
4 20:44:19.526037000 192.168.30.25 239.25.30.25 UDP Source port: dnp Destination port: 20000 114
13 20:44:19.693262000 192.168.30.26 239.25.30.26 UDP Source port: dnp Destination port: 20000 193
14 20:44:19.693295000 192.168.30.25 239.25.30.25 UDP Source port: dnp Destination port: 20000 193



I believe Awk should be able to take of this, but my awk skills are not good enough to come up with something decent.


I hope someone may be able to point me in the right direction.

Thanks,
Mario

awk '
    $1 ~ /^[0-9]/ {
        if (!last) { last=$12; ip=$4 }
        else
        {
            if (last==$12) ipc[ip]++
            last=0
        }
    }

    END { for (ip in ipc) print ip, ipc[ip] }
' inputfile

somethng like this you can try

awk 'BEGIN { prev=0 ; count=1 } { if ( prev==$NF) count++;else { count=1;;prev=$NF } print $4,"-", $12 "- " count}'  File.txt

i couldn't understand your problem(req) fully but i tried this..

awk 'FNR%2{var=$NF;next}{if(var==$NF){if($4=="239.25.30.26"){v25 += 1}else{v26 += 1}}}END{print "239.25.30.25 - "v25"\n239.25.30.26 - "v26}' filename

That's great, you've given me what I needed!!

Thank you so much for replying.


Best Regards,
Mario

vidyadhar85,

To answer your question, I have a text file containing data from a network capture.

The data is duplicated (on purpose) and is sent to two destinations (multicast addresses). Sometimes data for one destination is received first, other times data to the other destination is first.

I'm trying to work out which destination is usually first depending on the sample I capture.

I've just seen that depending on which awk string I run from the replies above, I get different output / results from the replies received, so will probably still need to verify which gives me the most correct answer for a particular sample.


I think cambridge's script works best for me so far.


Thanks again.

Mario

Note that my script only works with consecutive lines. It gets more convoluted if you want to handle other cases, as you'll need to decide how many lines should be allowed between each for it to be a valid sample.