08-30-2010
tcpdump with each line number?
Hi all,
First of all, thanks for providing the platform so all of us can learn and ask questions if there is any doubt about unix/linux system.
This is my first time here and I would like to know what is the correct switch/option in order to capture tcpdump with line number at the beginning of each packet line.
As example,
if we use tcpdump -n, we'll get this kind of output
Quote:
#tcpdump -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:02:36.111595 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
22:02:36.669853 IP 68.142.64.164.27014 > 192.168.1.2.1034: UDP, length 36
22:02:41.702977 arp who-has 192.168.1.2 tell 192.168.1.1
22:02:41.702984 arp reply 192.168.1.2 is-at 00:04:11:11:11:11
22:02:45.106515 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
22:02:50.392139 IP 192.168.1.2.138 > 192.168.1.255.138: NBT UDP PACKET(138)
22:02:54.139658 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
22:02:57.866958 IP 125.175.131.58.3608 > 192.168.1.2.9501: S 3275472679:3275472679(0) win 65535
TCPDUMP - The Easy Tutorial
I was wondering is there any way to make it like this?
Quote:
1. 22:02:36.111595 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
2. 22:02:36.669853 IP 68.142.64.164.27014 > 192.168.1.2.1034: UDP, length 36
3. 22:02:41.702977 arp who-has 192.168.1.2 tell 192.168.1.1
4. 22:02:41.702984 arp reply 192.168.1.2 is-at 00:04:11:11:11:11
5. 22:02:45.106515 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
6. 22:02:50.392139 IP 192.168.1.2.138 > 192.168.1.255.138: NBT UDP PACKET(138)
7. 22:02:54.139658 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
8. 22:02:57.866958 IP 125.175.131.58.3608 > 192.168.1.2.9501: S 3275472679:3275472679(0) win 65535
Any advice would be highly appreciated. Thanks in advance.
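One way to get the numbered output asked for above, as an added example that is not part of the original post: pipe tcpdump's text output through a small awk filter that numbers packet lines only. The function names `number_packets` and `sample_capture` and the hex-dump line in the sample are constructed for illustration; the filter assumes tcpdump's default `HH:MM:SS.ffffff` timestamps.

```shell
#!/bin/sh
# Added example: number each packet line of tcpdump's text output.

# number_packets: read tcpdump output on stdin and prefix every packet with
# "N. ". A packet line is recognised by the default timestamp format
# (assumption: tcpdump was not run with -t/-tt/-ttt/-tttt). Continuation
# lines, such as the indented lines printed by -v or -x, are passed through
# unnumbered so the count stays equal to the packet count.
number_packets() {
    awk '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / {
            n++
            printf "%d. %s\n", n, $0
            fflush()          # keep live captures from stalling in a pipe
            next
        }
        { print; fflush() }
    '
}

# sample_capture: constructed input. The packet lines are taken from the
# post above; the indented hex-dump line is made up to show a continuation.
sample_capture() {
    cat <<'EOF'
22:02:36.111595 IP 192.168.1.2.1034 > 68.142.64.164.27014: UDP, length 53
22:02:41.702977 arp who-has 192.168.1.2 tell 192.168.1.1
        0x0000:  0001 0800 0604 0001
22:02:41.702984 arp reply 192.168.1.2 is-at 00:04:11:11:11:11
EOF
}

# Offline demonstration on the sample lines.
sample_capture | number_packets

# Live use (needs capture privileges). -l makes tcpdump line-buffer its
# output so packets reach the filter as they arrive; the "listening on ..."
# banner goes to stderr and is not numbered:
#   tcpdump -n -l | number_packets
```

Recent tcpdump releases also accept `-#` (`--number`), which prints a packet number at the start of each line without any filter.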
LEARN ABOUT FREEBSD
pflog
PFLOG(4) BSD Kernel Interfaces Manual PFLOG(4)
NAME
pflog -- packet filter logging interface
SYNOPSIS
device pflog
DESCRIPTION
The pflog interface is a device which makes visible all packets logged by the packet filter, pf(4). Logged packets can easily be monitored
in real time by invoking tcpdump(1) on the pflog interface, or stored to disk using pflogd(8).
The pflog0 interface is created automatically at boot if both pf(4) and pflogd(8) are enabled; further instances can be created using
ifconfig(8).
Each packet retrieved on this interface has a header associated with it of length PFLOG_HDRLEN. This header documents the address family,
interface name, rule number, reason, action, and direction of the packet that was logged. This structure, defined in <net/if_pflog.h> looks
like
    struct pfloghdr {
            u_int8_t        length;
            sa_family_t     af;
            u_int8_t        action;
            u_int8_t        reason;
            char            ifname[IFNAMSIZ];
            char            ruleset[PF_RULESET_NAME_SIZE];
            u_int32_t       rulenr;
            u_int32_t       subrulenr;
            uid_t           uid;
            pid_t           pid;
            uid_t           rule_uid;
            pid_t           rule_pid;
            u_int8_t        dir;
            u_int8_t        pad[3];
    };
EXAMPLES
Create a pflog interface and monitor all packets logged on it:
    # ifconfig pflog1 up
    # tcpdump -n -e -ttt -i pflog1
SEE ALSO
tcpdump(1), inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8)
HISTORY
The pflog device first appeared in OpenBSD 3.0.
BSD                              May 31, 2007                              BSD