从文件shell脚本获取子字符串 [英] get a substring from a file shell script
本文介绍了从文件shell脚本获取子字符串的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这个shell脚本需要一点帮助。我有一个变量,代表一个IP / TCP头。我需要根据所选标题筛选流量捕获。
> var = ttl 128
>
> tcpdump -Xvv -n -i eth0 -c 300> capture.txt 2> / dev / null
>
> grep -i$ varcapture.txt> resultGrep.txt
tcpdump命令的结果就像这样
15:29:18.164566 IP(tos 0x0,ttl 1,id 2394,offset 0,flags [none],proto UDP(17),length 125)
10.0.0.155.58363> 239.255.255.254.1900:UDP,长度为97
0x0000:4600 0024 0000 0000 0102 3ad3 0a00 0000 F .. $ ......:.....
0x0010:e000 0001 9404 0000 1101 ebfe 0000 0000 ................
0x0020:0300 0000 0000 0000 0000 0000 0000 ..............
15:29:18.164566 IP(tos 0x0,ttl 128,id 2394,offset 0,flags [none],proto UDP(17),length 125)
10.0.0.131.58363> 239.255.255.250.1900:UDP,长度97
0x0000:4600 0024 0000 0000 0102 3ad3 0a00 0000 F .. $ ......:.....
0x0010:e000 0001 9404 0000 1101 ebfe 0000 0000 ................
0x0020:0300 0000 0000 0000 0000 0000 0000 ..............
我需要有ip地址源和ip地址目标,在这个例子中输出结果必须是
10.0.0.131.58363> 239.255.255.250.1900
解决方案 c> tcpdump :尝试直接在
Unix管道 > tcpdump -Xvv -n -i eth0 -c 300 |
grep -oP\d {1,3} \.\\\\ {1,3} \\\\\\ {1,3} \d {1,5} \s + GT; \s + \d {1,3} \.\d {1,3} \.\d {1,3} \。 \d {1,3} .\d {1,5}
这是摇滚固体;)
I need a little help with this shell script. I have a variable, represents a IP/TCP header. I need filter a traffic capture by the header selected.
> var=ttl 128
>
> tcpdump -Xvv -n -i eth0 -c 300 > capture.txt 2>/dev/null
>
> grep -i "$var" capture.txt > resultGrep.txt
The result of the tcpdump command is some like this
15:29:18.164566 IP (tos 0x0, ttl 1, id 2394, offset 0, flags [none], proto UDP (17), length 125)
10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
0x0000: 4600 0024 0000 0000 0102 3ad3 0a00 0000 F..$......:.....
0x0010: e000 0001 9404 0000 1101 ebfe 0000 0000 ................
0x0020: 0300 0000 0000 0000 0000 0000 0000 ..............
15:29:18.164566 IP (tos 0x0, ttl 128, id 2394, offset 0, flags [none], proto UDP (17), length 125)
10.0.0.131.58363 > 239.255.255.250.1900: UDP, length 97
0x0000: 4600 0024 0000 0000 0102 3ad3 0a00 0000 F..$......:.....
0x0010: e000 0001 9404 0000 1101 ebfe 0000 0000 ................
0x0020: 0300 0000 0000 0000 0000 0000 0000 ..............
I need have ip address source and ip address destination, in the example the output result must be
10.0.0.131.58363 > 239.255.255.250.1900
解决方案
Try doing this directly in a Unix pipe over tcpdump :
tcpdump -Xvv -n -i eth0 -c 300 |
grep -oP "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,5}\s+>\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.\d{1,5}"
This is rock solid ;)
这篇关于从文件shell脚本获取子字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
