FireBall
asked on
AWK Problem
given awk script return as sth given below again but there are 2 mistakes
1. at the end of ttl there is a ) sign we need to remove it
2. 4510 00b8 9f05 4000 4006 74f0 b909 9d0f this part need to be as this 45 10 00 b8 9f 05 40 00 40 06 74 f0 b9 09 9d 0f
orginal output :
1. at the end of ttl there is a ) sign we need to remove it
2. 4510 00b8 9f05 4000 4006 74f0 b909 9d0f this part need to be as this 45 10 00 b8 9f 05 40 00 40 06 74 f0 b9 09 9d 0f
tcpdump -nnlq -v -X | awk '/ IP /{gsub(",","");ttl=$6;proto=$14;leng=$17;}/ > /{gsub(/:/,"");a=$1;b=$3;}/0x0000:/{n=split(a,s,/[.]/);sub("[.]" s[n] "$"," " s[n],a);n=split(b,s,/[.]/);sub("[.]" s[n] "$"," " s[n],b);$1="";$NF="";print a, b, proto,leng,ttl,$0 }'
185.9.157.15 22 88.236.119.53 52607 TCP 184) 64 4510 00b8 9f05 4000 4006 74f0 b909 9d0f
88.236.119.53 52607 185.9.157.15 22 TCP 40) 118 4500 0028 167f 4000 7606 c816 58ec 7735
orginal output :
18:13:29.926429 IP (tos 0x0, ttl 118, id 7114, offset 0, flags [DF], proto TCP (6), length 40)
88.236.119.53.52607 > 185.9.157.15.22: tcp 0
0x0000: 4500 0028 1bca 4000 7606 c2cb 58ec 7735 E..(..@.v...X.w5
0x0010: b909 9d0f cd7f 0016 490b 1937 b656 8930 ........I..7.V.0
0x0020: 5010 413a d900 0000 0000 0000 0000 P.A:..........
awk '/ IP /{gsub("[,)]","");ttl=$6;p roto=$14;l eng=$17;}/ > /{gsub(/:/,"");a=$1;b=$3;} /0x0000:/{ n=split(a, s,/[.]/);s ub("[.]" s[n] "$"," " s[n],a);n=split(b,s,/[.]/) ;sub("[.]" s[n] "$"," " s[n],b);$1="";$NF="";gsub( " ..","& ");print a, b, proto,leng,ttl,$0 }'
ASKER
should we get first 64 hex instead of 32 ?
ASKER
And also after a while it returns as an error that :
awk: (FILENAME=- FNR=1554) fatal: Unmatched ( or \(: /[.](hlim$/
222 packets captured
222 packets received by filter
0 packets dropped by kernel
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am not familiar with awk :) if you help me i will be glad for that also i have one more question after that :)