Emanuele_Ciriachi
asked on
How to parse snoop's output format with a shellscript
A side question to:
https://www.experts-exchange.com/questions/21876127/Simple-question-on-snoop's-output-format.html
---
I have a snoop launched with the following command line:
snoop -d bge2 -x54 -ta host 192.168.104.152
but the format is something quite unreadable:
--------------------------
0: 3139 4031 3932 2e31 3638 2e31 3034 2e32 19@192.168.104.2
16: 3030 3a35 3036 3020 5349 502f 322e 300d 00:5060 SIP/2.0.
32: 0a43 616c 6c2d 4944 3a20 3230 3833 3533 .Call-ID: 208353
48: 3165 6537 6138 6533 6236 6266 6135 3565 1ee7a8e3b6bfa55e
64: 6537 3239 3532 3864 3962 4031 3932 2e31 e729528d9b@192.1
80: 3638 2e31 3034 2e31 3532 0d0a 4353 6571 68.104.152..CSeq
96: 3a20 3120 494e 5649 5445 0d0a 4672 6f6d : 1 INVITE..From
112: 3a20 3c73 6970 3a54 5031 5f41 5032 4031 : <sip:TP1_AP2@1
128: 3932 2e31 3638 2e31 3034 2e31 3532 3e3b 92.168.104.152>;
144: 7461 673d 3132 3334 3536 3738 390d 0a54 tag=123456789..T
160: 6f3a 203c 7369 703a 3131 3940 3139 322e o: <sip:119@192.
176: 3136 382e 3130 342e 3230 303e 0d0a 5669 168.104.200>..Vi
192: 613a 2053 4950 2f32 2e30 2f55 4450 2031 a: SIP/2.0/UDP 1
208: 3932 2e31 3638 2e31 3034 2e31 3532 3a35 92.168.104.152:5
224: 3036 303b 6272 616e 6368 3d7a 3968 4734 060;branch=z9hG4
240: 624b 3530 3166 6636 6235 6534 3465 3662 bK501ff6b5e44e6b
256: 6563 3138 6162 6165 3130 6632 3363 3031 ec18abae10f23c01
272: 3664 0d0a 4d61 782d 466f 7277 6172 6473 6d..Max-Forwards
288: 3a20 3235 350d 0a43 6f6e 7465 6e74 2d4c : 255..Content-L
304: 656e 6774 683a 2030 0d0a 0d0a ength: 0....
--------------------------
I am interested only in the ASCII part of the traffic, possibly put on one line; how can I make a shell script to parse only the ASCII part of this output?
https://www.experts-exchange.com/questions/21876127/Simple-question-on-snoop's-output-format.html
---
I have a snoop launched with the following command line:
snoop -d bge2 -x54 -ta host 192.168.104.152
but the format is something quite unreadable:
--------------------------
0: 3139 4031 3932 2e31 3638 2e31 3034 2e32 19@192.168.104.2
16: 3030 3a35 3036 3020 5349 502f 322e 300d 00:5060 SIP/2.0.
32: 0a43 616c 6c2d 4944 3a20 3230 3833 3533 .Call-ID: 208353
48: 3165 6537 6138 6533 6236 6266 6135 3565 1ee7a8e3b6bfa55e
64: 6537 3239 3532 3864 3962 4031 3932 2e31 e729528d9b@192.1
80: 3638 2e31 3034 2e31 3532 0d0a 4353 6571 68.104.152..CSeq
96: 3a20 3120 494e 5649 5445 0d0a 4672 6f6d : 1 INVITE..From
112: 3a20 3c73 6970 3a54 5031 5f41 5032 4031 : <sip:TP1_AP2@1
128: 3932 2e31 3638 2e31 3034 2e31 3532 3e3b 92.168.104.152>;
144: 7461 673d 3132 3334 3536 3738 390d 0a54 tag=123456789..T
160: 6f3a 203c 7369 703a 3131 3940 3139 322e o: <sip:119@192.
176: 3136 382e 3130 342e 3230 303e 0d0a 5669 168.104.200>..Vi
192: 613a 2053 4950 2f32 2e30 2f55 4450 2031 a: SIP/2.0/UDP 1
208: 3932 2e31 3638 2e31 3034 2e31 3532 3a35 92.168.104.152:5
224: 3036 303b 6272 616e 6368 3d7a 3968 4734 060;branch=z9hG4
240: 624b 3530 3166 6636 6235 6534 3465 3662 bK501ff6b5e44e6b
256: 6563 3138 6162 6165 3130 6632 3363 3031 ec18abae10f23c01
272: 3664 0d0a 4d61 782d 466f 7277 6172 6473 6d..Max-Forwards
288: 3a20 3235 350d 0a43 6f6e 7465 6e74 2d4c : 255..Content-L
304: 656e 6774 683a 2030 0d0a 0d0a ength: 0....
--------------------------
I am interested only in the ASCII part of the traffic, possibly put on one line; how can I make a shell script to parse only the ASCII part of this output?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I guess I ought to give you the output from my commands above? (Your data was cut and pasted into data.txt):
[pje@bigserver tmp]# cat data.txt | wibble
19@192.168.104.200:5060 SIP/2.0..Call-ID: 2083531ee7a8e3b6bfa55ee729
[pje@bigserver tmp]# cat data.txt | wibble
19@192.168.104.200:5060 SIP/2.0..Call-ID: 2083531ee7a8e3b6bfa55ee729
ASKER
Thanks for all the great suggestions. I am not in the test lab today so cannot try it out, will let you know.
Are you trying to get CDR's and call billing info directly from network captures :-)
Your question is about Solaris, not about Linux.
Anyway, there is an 'ethereal' package for both OSes. From shell script you may use text version 'tethereal'. Read manual first, of course.
Also, I guess, you need to say, what exactly do you need to get from that output? What for do you need to parse and what portions of data are interesting?