Shell script linux subtract parameter grep
Question
I need help to extract coincidences from a file.
I capture network traffic with the tcpdump command
tcpdump -Xvv -i eth0 > captureFile.txt
Given any field of the IP, TCP and Ethernet headers, specify all values found for it in the captured traffic and count how many times each value occurs for that field. For example, suppose TTL = 128 and TTL = 64; then indicate how many packets have that field with each of these values.
The content of the file:
09:26:13.245546 IP (tos 0x0, ttl 1, id 3439, offset 0, flags [none], proto UDP (17), length 1018)
    10.0.0.226.58935 > 239.255.255.250.3702: UDP, length 990
        0x0000:  4500 03fa 0d6f 0000 0111 ada8 0a00 00e2  E....o..........
        0x0010:  efff fffa e637 0e76 03e6 7ec0 3c3f 786d  .....7.v..~.<?xm
        0x0020:  6c20 7665 7273 696f 6e3d 2231 2e30 2220  l.version="1.0".
        0x0030:  656e 636f 6469 6e67 3d22 7574 662d 3822  encoding="utf-8"
        0x0040:  3f3e 3c73 6f61 703a 456e 7665            ?><soap:Enve
09:26:13.339173 IP6 (hlim 1, next-header UDP (17) payload length: 998) fe80::21e9:f54b:9ae7:6383.58936 > ff02::c.3702: UDP, length 990
        0x0000:  6000 0000 03e6 1101 fe80 0000 0000 0000  `...............
        0x0010:  21e9 f54b 9ae7 6383 ff02 0000 0000 0000  !..K..c.........
        0x0020:  0000 0000 0000 000c e638 0e76 03e6 666c  .........8.v..fl
        0x0030:  3c3f 786d 6c20 7665 7273 696f 6e3d 2231  <?xml.version="1
        0x0040:  2e30 2220 656e 636f 6469 6e67            .0".encoding
09:26:13.407313 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.3.118 tell 10.0.1.215, length 46
        0x0000:  0001 0800 0604 0001 0009 0fcb 0a0c 0a00  ................
        0x0010:  01d7 0000 0000 0000 0a00 0376 0000 0000  ...........v....
        0x0020:  0000 0000 0000 0000 0000 d9c4 62a8       ............b.
09:26:13.525954 IP (tos 0x0, ttl 128, id 3441, offset 0, flags [none], proto UDP (17), length 161)
    10.0.0.226.59131 > 239.255.255.250.1900: UDP, length 133
        0x0000:  4500 00a1 0d71 0000 0111 b0ff 0a00 00e2  E....q..........
        0x0010:  efff fffa e6fb 076c 008d 6fa6 4d2d 5345  .......l..o.M-SE
        0x0020:  4152 4348 202a 2048 5454 502f 312e 310d  ARCH.*.HTTP/1.1.
        0x0030:  0a48 6f73 743a 3233 392e 3235 352e 3235  .Host:239.255.25
        0x0040:  352e 3235 303a 3139 3030 0d0a            5.250:1900..
09:26:13.557002 IP (tos 0x0, ttl 1, id 3442, offset 0, flags [none], proto UDP (17), length 161)
    10.0.0.226.59131 > 239.255.255.250.1900: UDP, length 133
        0x0000:  4500 00a1 0d72 0000 0111 b0fe 0a00 00e2  E....r..........
        0x0010:  efff fffa e6fb 076c 008d 6fa6 4d2d 5345  .......l..o.M-SE
        0x0020:  4152 4348 202a 2048 5454 502f 312e 310d  ARCH.*.HTTP/1.1.
        0x0030:  0a48 6f73 743a 3233 392e 3235 352e 3235  .Host:239.255.25
        0x0040:  352e 3235 303a 3139 3030 0d0a            5.250:1900..
09:26:13.642734 IP (tos 0x0, ttl 1, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 > 239.255.255.250.3702: UDP, length 656
        0x0000:  4500 02ac 5507 0000 0111 6753 0a00 00ed  E...U.....gS....
        0x0010:  efff fffa e602 0e76 0298 5568 3c3f 786d  .......v..Uh<?xm
        0x0020:  6c20 7665 7273 696f 6e3d 2231 2e30 2220  l.version="1.0".
        0x0030:  656e 636f 6469 6e67 3d22 7574 662d 3822  encoding="utf-8"
        0x0040:  3f3e 3c73 6f61 703a 456e 7665            ?><soap:Enve
09:26:13.642960 IP6 (hlim 1, next-header UDP (17) payload length: 664) fe80::b8a2:bd0:4e0b:1bb5.58883 > ff02::c.3702: UDP, length 656
        0x0000:  6000 0000 0298 1101 fe80 0000 0000 0000  `...............
        0x0010:  b8a2 0bd0 4e0b 1bb5 ff02 0000 0000 0000  ....N...........
        0x0020:  0000 0000 0000 000c e603 0e76 0298 248c  ...........v..$.
        0x0030:  3c3f 786d 6c20 7665 7273 696f 6e3d 2231  <?xml.version="
09:26:13.642999 IP (tos 0x0, ttl 64, id 21767, offset 0, flags [none], proto UDP (17), length 684)
    10.0.0.237.58882 > 239.255.255.250.3702: UDP, length 656
        0x0000:  4500 02ac 5507 0000 0111 6753 0a00 00ed  E...U.....gS....
        0x0010:  efff fffa e602 0e76 0298 5568 3c3f 786d  .......v..Uh<?xm
        0x0020:  6c20 7665 7273 696f 6e3d 2231 2e30 2220  l.version="1.0".
        0x0030:  656e 636f 6469 6e67 3d22 7574 662d 3822  encoding="utf-8"
        0x0040:  3f3e 3c73 6f61 703a 456e 7665            ?><soap:Enve
The result must be:
ttl 64 - 1 time
ttl 128 - 1 time
ttl 1 - 3 times
Solution
I think this would be exactly the same as your expected output.
grep -ioP 'ttl \d+' file|awk '{a[$0]++}END{for(x in a)print x" - "a[x]" times"}'
output would be:
ttl 1 - 3 times
ttl 64 - 1 times
ttl 128 - 1 times
Well, not exactly the same, since I didn't check "time" and "times".. do you really need it? It could be done easily..
EDIT
as OP asks, output time/times depends on the count:
grep -ioP 'ttl \d+' file|awk '{a[$0]++}END{for(x in a)print x" - "a[x]" time"(a[x]>1?"s":"")}'
output:
ttl 1 - 3 times
ttl 64 - 1 time
ttl 128 - 1 time
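A generalization of the answer's pipeline, added here as an example (not code from the question or the answer): count_field (an assumed name) counts any "name value" header field that tcpdump -v prints, such as ttl, id, tos, hlim or proto, and looks only at the packet header lines so that text inside the -X payload dump is never miscounted. The sample lines are constructed from the packets shown in the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: generalize the
# answer's grep/awk pipeline so any "name value" field printed by
# tcpdump -v (ttl, id, tos, hlim, proto, ...) can be counted.
# count_field is an assumed name; SAMPLE is constructed tcpdump -vv output.

# Constructed sample: the header lines of six packets, hex-dump lines omitted.
SAMPLE='09:26:13.245546 IP (tos 0x0, ttl 1, id 3439, offset 0, flags [none], proto UDP (17), length 1018)
09:26:13.339173 IP6 (hlim 1, next-header UDP (17) payload length: 998) fe80::1.58936 > ff02::c.3702: UDP, length 990
09:26:13.525954 IP (tos 0x0, ttl 128, id 3441, offset 0, flags [none], proto UDP (17), length 161)
09:26:13.557002 IP (tos 0x0, ttl 1, id 3442, offset 0, flags [none], proto UDP (17), length 161)
09:26:13.642734 IP (tos 0x0, ttl 1, id 21767, offset 0, flags [none], proto UDP (17), length 684)
09:26:13.642999 IP (tos 0x0, ttl 64, id 21767, offset 0, flags [none], proto UDP (17), length 684)'

# count_field FIELD: read tcpdump output on stdin and print
# "field value - N time(s)" for each distinct value, most frequent first.
count_field() {
    awk -v f="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        # Only packet header lines start with a timestamp. Skipping the
        # "0x0010: ..." dump lines means a "ttl 5" inside payload ASCII is
        # never counted as a header field (a grep over the whole file could).
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ {
            # split the header on "(", ")", "," and blanks; a field is the
            # token that follows its name
            n = split($0, w, /[(), \t]+/)
            for (i = 1; i < n; i++)
                if (tolower(w[i]) == f && w[i+1] ~ /^[0-9A-Za-z]+$/)
                    count[w[i+1]]++
        }
        END {
            # leading count column is only for sorting; cut removes it
            for (v in count)
                printf "%d\t%s %s - %d time%s\n", count[v], f, v, count[v], (count[v] > 1 ? "s" : "")
        }' | sort -rn | cut -f2-
}

# Usage: same result as the answer's pipeline, but for any field name.
printf '%s\n' "$SAMPLE" | count_field ttl
```

For ttl the output matches the expected result in the question, most frequent value first; the same call with id, tos, hlim or proto answers the general question without editing the pattern.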