I have a pcap file as input and I want to get particular strings from the file. I used the following command:-
/home/rahul/vPath-dissector/binaries/wireshark-1.6.1/bin/tshark -r /home/rahul/Downloads/abc.pcap -V -x -O FTP | grep '^[0-9]\{4\}'
then I got the following output:-
0000 08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10 ..'.....'.....E.
0010 00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8 .4F.@.@._1......
0020 0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11 .....V.7u.......
0030 00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb ............A...
0040 cc 93 ..
0000 08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10 ..'.....'.....E.
0010 00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8 .43.@.@.qn......
0020 0a 0a 89 56 00 15 8a df 8e c3 1d 37 75 c7 80 10 ...V.......7u...
0030 00 5c 9a f5 00 00 01 01 08 0a 01 bb cc 94 00 15 .\..............
0040 41 94 A.
I want the output as:-
08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10
00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8
0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11
00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb
cc 93
08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10
00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8
0a 0a 89 56 00 15 8a df 8e c3 1d 37 75 c7 80 10
00 5c 9a f5 00 00 01 01 08 0a 01 bb cc 94 00 15
41 94
If I print the strings upto $18 or so using awk, then I get problem with the last line, because in some packets its less than the fixed length and so it gives the other strings as well which I don’t want.
Note:-
Between 00X0 and XX, there are two blank spaces and between the random string at end, there are three spaces.
So, I want string upto those three blank spaces, not rest after them….
Kindly help me with an awk expression which will give me the output as specified by me….
Easy, try this:
Output
Note:
If you have
gawk, you can remove thegrepcommand entirely and roll it intoawklike so