  1. Get information from a file shell script linux grep command
<p>I need help to extract information from a file output from network traffic with the tcpdump command</p>
<blockquote> <p>tcpdump -Xvv -i eth0 > capture.txt</p> </blockquote>
<p>Given a field of any of the Ethernet, IP and TCP headers, and a value, indicate the source and destination IP machines that were reported under this condition (without repeating them in the output).</p>
<p>The content of the file: </p>
<pre><code>09:26:13.245546 IP (tos 0x0, ttl 1, id 3439, offset 0, flags [none], proto UDP (17), length 1018)
    10.0.0.226.58935 &gt; 239.255.255.250.3702: UDP, ack 555, win 6584, length 990
        0x0000: 4500 03fa 0d6f 0000 0111 ada8 0a00 00e2 E....o..........
        0x0010: efff fffa e637 0e76 03e6 7ec0 3c3f 786d .....7.v..~.&lt;?xm
        0x0020: 6c20 7665 7273 696f 6e3d 2231 2e30 2220 l.version="1.0".
        0x0030: 656e 636f 6469 6e67 3d22 7574 662d 3822 encoding="utf-8"
        0x0040: 3f3e 3c73 6f61 703a 456e 7665 ?&gt;&lt;soap:Enve
09:26:13.339173 IP6 (hlim 1, next-header UDP (17) payload length: 998) fe80::21e9:f54b:9ae7:6383.58936 &gt; ff02::c.3702: UDP, length 990
        0x0000: 6000 0000 03e6 1101 fe80 0000 0000 0000 `...............
        0x0010: 21e9 f54b 9ae7 6383 ff02 0000 0000 0000 !..K..c.........
        0x0020: 0000 0000 0000 000c e638 0e76 03e6 666c .........8.v..fl
        0x0030: 3c3f 786d 6c20 7665 7273 696f 6e3d 2231 &lt;?xml.version="1
        0x0040: 2e30 2220 656e 636f 6469 6e67 .0".encoding
09:26:13.407313 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.3.118 tell 10.0.1.215, length 46
        0x0000: 0001 0800 0604 0001 0009 0fcb 0a0c 0a00 ................
        0x0010: 01d7 0000 0000 0000 0a00 0376 0000 0000 ...........v....
        0x0020: 0000 0000 0000 0000 0000 d9c4 62a8 ............b.
09:26:13.525954 IP (tos 0x0, ttl 128, id 3441, offset 0, flags [none], proto UDP (17), length 161)
    10.0.0.226.59131 &gt; 239.255.255.250.1900: UDP, length 133
        0x0000: 4500 00a1 0d71 0000 0111 b0ff 0a00 00e2 E....q..........
        0x0010: efff fffa e6fb 076c 008d 6fa6 4d2d 5345 .......l..o.M-SE
        0x0020: 4152 4348 202a 2048 5454 502f 312e 310d ARCH.*.HTTP/1.1.
        0x0030: 0a48 6f73 743a 3233 392e 3235 352e 3235 .Host:239.255.25
        0x0040: 352e 3235 303a 3139 3030 0d0a 5.250:1900..
09:26:13.557002 IP (tos 0x0, ttl 1, id 3442, offset 0, flags [none], proto UDP (17), length 161)
    10.0.0.226.59131 &gt; 239.255.255.250.1900: UDP, length 133
        0x0000: 4500 00a1 0d72 0000 0111 b0fe 0a00 00e2 E....r..........
        0x0010: efff fffa e6fb 076c 008d 6fa6 4d2d 5345 .......l..o.M-SE
        0x0020: 4152 4348 202a 2048 5454 502f 312e 310d ARCH.*.HTTP/1.1.
        0x0030: 0a48 6f73 743a 3233 392e 3235 352e 3235 .Host:239.255.25
        0x0040: 352e 3235 303a 3139 3030 0d0a 5.250:1900..
09:26:13.642734 IP (tos 0x0, ttl 1, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 &gt; 239.255.255.250.3702: UDP, length 656
        0x0000: 4500 02ac 5507 0000 0111 6753 0a00 00ed E...U.....gS....
        0x0010: efff fffa e602 0e76 0298 5568 3c3f 786d .......v..Uh&lt;?xm
        0x0020: 6c20 7665 7273 696f 6e3d 2231 2e30 2220 l.version="1.0".
        0x0030: 656e 636f 6469 6e67 3d22 7574 662d 3822 encoding="utf-8"
        0x0040: 3f3e 3c73 6f61 703a 456e 7665 ?&gt;&lt;soap:Enve
09:26:13.642960 IP6 (hlim 1, next-header UDP (17) payload length: 664) fe80::b8a2:bd0:4e0b:1bb5.58883 &gt; ff02::c.3702: UDP, length 656
        0x0000: 6000 0000 0298 1101 fe80 0000 0000 0000 `...............
        0x0010: b8a2 0bd0 4e0b 1bb5 ff02 0000 0000 0000 ....N...........
        0x0020: 0000 0000 0000 000c e603 0e76 0298 248c ...........v..$.
        0x0030: 3c3f 786d 6c20 7665 7273 696f 6e3d 2231 &lt;?xml.version="
09:26:13.642999 IP (tos 0x0, ttl 64, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 &gt; 239.255.255.250.3702: UDP, length 656
        0x0000: 4500 02ac 5507 0000 0111 6753 0a00 00ed E...U.....gS....
        0x0010: efff fffa e602 0e76 0298 5568 3c3f 786d .......v..Uh&lt;?xm
        0x0020: 6c20 7665 7273 696f 6e3d 2231 2e30 2220 l.version="1.0".
        0x0030: 656e 636f 6469 6e67 3d22 7574 662d 3822 encoding="utf-8"
        0x0040: 3f3e 3c73 6f61 703a 456e 7665 ?&gt;&lt;soap:Enve
</code></pre>
<p>For example, if the header is: ttl 1</p>
<p>The result must be: </p>
<pre><code>Source: 10.0.0.226.58935 --- Destination: 239.255.255.250.3702 - 1 Time
Source: 10.0.0.237.58882 --- Destination: 239.255.255.250.3702 - 2 Times
</code></pre>
<p>Another way: if the header is ack or win, for example: ack 555</p>
<pre><code>Source: 10.0.0.226.58935 --- Destination: 239.255.255.250.3702 - 1 Time
</code></pre>
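One way to approach the task described in the question, as an added example that is not part of the original post: a POSIX shell function that joins each packet's header lines, skips the hex dump, compares the field and value as whole tokens, and prints each source/destination pair once with its count. The names `tcpdump_pairs` and `sample_capture` are hypothetical, and the sample input is constructed from header lines in the question, assuming the usual `tcpdump -vv` layout where an IPv4 header continues on an indented address line.

```shell
# Added example (not from the original post). tcpdump_pairs and sample_capture
# are hypothetical helper names. Usage: tcpdump_pairs FIELD VALUE [FILE]
tcpdump_pairs() {
    awk -v field="$1" -v value="$2" '
    # Evaluate the header text collected for one packet, then reset it.
    function flush(    n, i, t, hit, src, dst, key) {
        if (hdr == "") return
        gsub(/[(),]/, " ", hdr)                 # "(tos 0x0, ttl 1," -> bare tokens
        n = split(hdr, t)
        for (i = 1; i <= n; i++) sub(/:$/, "", t[i])   # "length:", "dst.port:"
        hit = 0; src = ""; dst = ""; hdr = ""
        for (i = 1; i < n; i++) {
            # Whole-token comparison, so "ttl 1" never matches "ttl 128".
            if (t[i] == field && t[i + 1] == value) hit = 1
            if (t[i] == ">" && i > 1 && src == "") { src = t[i - 1]; dst = t[i + 1] }
        }
        if (!hit || src == "") return           # no match, or no IP pair (ARP)
        key = src SUBSEP dst
        if (!(key in count)) order[++pairs] = key
        count[key]++
    }
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / { flush(); hdr = $0; next }
    /^[ \t]*0x[0-9a-f]+:/ { next }              # skip hex/ASCII dump lines
    hdr != "" { hdr = hdr " " $0 }              # address line continues the header
    END {
        flush()
        for (i = 1; i <= pairs; i++) {
            split(order[i], p, SUBSEP); c = count[order[i]]
            printf "Source: %s --- Destination: %s - %d %s\n", p[1], p[2], c, (c == 1 ? "Time" : "Times")
        }
    }' "${3:--}"
}

# Constructed sample: header lines from the question, in tcpdump -vv line layout.
sample_capture() {
    cat <<'EOF'
09:26:13.245546 IP (tos 0x0, ttl 1, id 3439, offset 0, flags [none], proto UDP (17), length 1018)
    10.0.0.226.58935 > 239.255.255.250.3702: UDP, ack 555, win 6584, length 990
        0x0000: 4500 03fa 0d6f 0000 0111 ada8 0a00 00e2 E....o..........
09:26:13.407313 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.3.118 tell 10.0.1.215, length 46
09:26:13.525954 IP (tos 0x0, ttl 128, id 3441, offset 0, flags [none], proto UDP (17), length 161)
    10.0.0.226.59131 > 239.255.255.250.1900: UDP, length 133
09:26:13.642734 IP (tos 0x0, ttl 1, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 > 239.255.255.250.3702: UDP, length 656
09:26:13.642999 IP (tos 0x0, ttl 64, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 > 239.255.255.250.3702: UDP, length 656
EOF
}
sample_capture | tcpdump_pairs ttl 1
```

Against a real capture the call is `tcpdump_pairs ttl 1 capture.txt`; ARP records are skipped because they carry no `src > dst` pair.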
 
