Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 943
  • Last Modified:

How to parse snoop's output format with a shellscript

A side question to:
http://www.experts-exchange.com/Operating_Systems/Linux/Q_21876127.html

---
I have a snoop launched with the following command line:

snoop -d bge2 -x54 -ta host 192.168.104.152

but the format is something quite unreadable:


-----------------------------------
        0: 3139 4031 3932 2e31 3638 2e31 3034 2e32    19@192.168.104.2
       16: 3030 3a35 3036 3020 5349 502f 322e 300d    00:5060 SIP/2.0.
       32: 0a43 616c 6c2d 4944 3a20 3230 3833 3533    .Call-ID: 208353
       48: 3165 6537 6138 6533 6236 6266 6135 3565    1ee7a8e3b6bfa55e
       64: 6537 3239 3532 3864 3962 4031 3932 2e31    e729528d9b@192.1
       80: 3638 2e31 3034 2e31 3532 0d0a 4353 6571    68.104.152..CSeq
       96: 3a20 3120 494e 5649 5445 0d0a 4672 6f6d    : 1 INVITE..From
      112: 3a20 3c73 6970 3a54 5031 5f41 5032 4031    : <sip:TP1_AP2@1
      128: 3932 2e31 3638 2e31 3034 2e31 3532 3e3b    92.168.104.152>;
      144: 7461 673d 3132 3334 3536 3738 390d 0a54    tag=123456789..T
      160: 6f3a 203c 7369 703a 3131 3940 3139 322e    o: <sip:119@192.
      176: 3136 382e 3130 342e 3230 303e 0d0a 5669    168.104.200>..Vi
      192: 613a 2053 4950 2f32 2e30 2f55 4450 2031    a: SIP/2.0/UDP 1
      208: 3932 2e31 3638 2e31 3034 2e31 3532 3a35    92.168.104.152:5
      224: 3036 303b 6272 616e 6368 3d7a 3968 4734    060;branch=z9hG4
      240: 624b 3530 3166 6636 6235 6534 3465 3662    bK501ff6b5e44e6b
      256: 6563 3138 6162 6165 3130 6632 3363 3031    ec18abae10f23c01
      272: 3664 0d0a 4d61 782d 466f 7277 6172 6473    6d..Max-Forwards
      288: 3a20 3235 350d 0a43 6f6e 7465 6e74 2d4c    : 255..Content-L
      304: 656e 6774 683a 2030 0d0a 0d0a              ength: 0....
-----------------------------------

I am interested only in the ASCII part of the traffic, possibly put on one line; how can I make a shell script to parse only the ASCII part of this output?
0
Emanuele_Ciriachi
Asked:
Emanuele_Ciriachi
  • 2
1 Solution
 
pjedmondCommented:
OK - this possibly a job for sed:

snoop -d bge2 -x54 -ta host 192.168.104.152 | sed -e 's/ *//' | sed -e 's/.*  //' | sed -e :a -e '/.$/N; s/\n//; ta'

Lets explain:

sed -e 's/ *//'

substitutes all the leading spaces for nothing, effectively stripping them off.

sed -e 's/.*    //'

is a substitution whereby everything up to to a 4 space block is substituted with nothing. Effectively, this removes all of the binary data

sed -e :a -e '/.$/N; s/\n//; ta'

can possibly be improved, but basically this adds the following line to the one before (when it ends in anything).

Obviously, this is not that easy to remember, and requires a bit of typing each time, which I suspect you do not want to do, therefore:

alias wibble="sed -e 's/ *//' | sed -e 's/.*  //' | sed -e :a -e '/.$/N; s/\n//; ta'

and then you can:

snoop -d bge2 -x54 -ta host 192.168.104.152 | wibble

Depending on the exact chars your command outputs, you may need to alter the commands above (particularly number and location of spaces!), hence the explainations!


Better still, put the alias command in your ~/.bashrc file, then it is automatically run each time you log in:)
0
 
NopiusCommented:
Hello, Emanuele_Ciriachi.
Are you trying to get CDR's and call billing info directly from network captures :-)
Your question is about Solaris, not about Linux.

Anyway, there is an 'ethereal' package for both OSes. From shell script you may use text version 'tethereal'. Read manual first, of course.

Also, I guess, you need to say, what exactly do you need to get from that output? What for do you need to parse and what portions of data are interesting?
0
 
pjedmondCommented:
I guess I ought to give you the output from my commands above? (Your data was cut and pasted into data.txt):

[pje@bigserver tmp]# cat data.txt | wibble
19@192.168.104.200:5060 SIP/2.0..Call-ID: 2083531ee7a8e3b6bfa55ee729528d9b@192.168.104.152..CSeq: 1 INVITE..From: <sip:TP1_AP2@192.168.104.152>;tag=123456789..To: <sip:119@192.168.104.200>..Via: SIP/2.0/UDP 192.168.104.152:5060;branch=z9hG4bK501ff6b5e44e6bec18abae10f23c016d..Max-Forwards: 255..Content-Length: 0....
0
 
Emanuele_CiriachiAuthor Commented:
Thanks for all the great suggestions. I am not in the test lab today so cannot try it out, will let you know.
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now