Reputation: 2635
I have a pcap file as input and I want to get particular strings from the file. I used the following command:-
/home/rahul/vPath-dissector/binaries/wireshark-1.6.1/bin/tshark -r /home/rahul/Downloads/abc.pcap -V -x -O FTP | grep '^[0-9]\{4\}'
then I got the following output:-
0000  08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10   ..'.....'.....E.
0010  00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8   .4F.@.@._1......
0020  0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11   .....V.7u.......
0030  00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb   ............A...
0040  cc 93                                             ..
0000  08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10   ..'.....'.....E.
0010  00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8   .43.@.@.qn......
0020  0a 0a 89 56 00 15 8a df 8e c3 1d 37 75 c7 80 10   ...V.......7u...
0030  00 5c 9a f5 00 00 01 01 08 0a 01 bb cc 94 00 15   .\..............
0040  41 94                                             A.
I want the output as:-
08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10
00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8
0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11
00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb
cc 93
08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10
00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8
0a 0a 89 56 00 15 8a df 8e c3 1d 37 75 c7 80 10
00 5c 9a f5 00 00 01 01 08 0a 01 bb cc 94 00 15
41 94
If I print the strings up to $18 or so using awk, then I get a problem with the last line, because in some packets it's less than the fixed length and so it gives the other strings as well, which I don't want.
Note: Between 00X0 and XX there are two blank spaces, and between the random string at the end there are three spaces.
So, I want the string up to those three blank spaces, not the rest after them.
Kindly help me with an awk expression which will give me the output as specified by me.
Upvotes: 1
Views: 209
Reputation: 140327
Easy, try this:
awk -F'  +' '{print $2}' ./infile
$ awk -F'  +' '{print $2}' ./infile
08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10
00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8
0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11
00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb
cc 93
08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10
00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8
0a 0a 89 56 00 15 8a df 8e c3 1d 37 75 c7 80 10
00 5c 9a f5 00 00 01 01 08 0a 01 bb cc 94 00 15
Note: If you have gawk, you can remove the grep command entirely and roll it into awk like so:
awk --re-interval -F'  +' '/^[0-9]{4}/{print $2}' ./infile
Upvotes: 1
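An added example, not part of either post: the same two-or-more-spaces split wrapped in shell functions, generalized to accept offsets containing hex letters (00a0 and above, which appear once a packet exceeds 160 bytes) and to join each packet's bytes into one hex string. The function names and the sample dump are constructed for illustration, and the input is assumed to use the two-space / three-space layout described in the question.

```shell
#!/bin/sh
# Added example: pull the hex column out of `tshark -x` style dump lines.

# Constructed sample: packet bytes from the question, a frame summary line,
# and a shortened second packet.
sample_dump() {
cat <<'EOF'
Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
0000  08 00 27 8f 99 c4 08 00 27 f3 90 1f 08 00 45 10   ..'.....'.....E.
0010  00 34 46 1d 40 00 40 06 5f 31 c0 a8 0a 0a c0 a8   .4F.@.@._1......
0020  0a 0b 00 15 89 56 1d 37 75 c6 8a df 8e c3 80 11   .....V.7u.......
0030  00 b5 9a 9d 00 00 01 01 08 0a 00 15 41 94 01 bb   ............A...
0040  cc 93                                             ..
0000  08 00 27 f3 90 1f 08 00 27 8f 99 c4 08 00 45 10   ..'.....'.....E.
0010  00 34 33 e0 40 00 40 06 71 6e c0 a8 0a 0b c0 a8   .43.@.@.qn......
EOF
}

# One output line per dump line, hex bytes only.
# The offset is matched as four hex digits followed by two spaces, so
# summary lines are skipped and offsets such as 00a0 are kept.
hex_bytes() {
    awk -F'  +' '
        /^[0-9a-f][0-9a-f][0-9a-f][0-9a-f]  / { print $2 }
    '
}

# One output line per packet: all bytes concatenated without spaces.
# A new packet starts whenever the offset returns to 0000.
packet_hex() {
    awk -F'  +' '
        /^[0-9a-f][0-9a-f][0-9a-f][0-9a-f]  / {
            if ($1 == "0000" && buf != "") { print buf; buf = "" }
            h = $2
            gsub(/ /, "", h)
            buf = buf h
        }
        END { if (buf != "") print buf }
    '
}
```

Both functions read from standard input, so the tshark command from the question can be piped straight into them without the grep stage.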