I'm piping the output of tcpdump to an awk command. Something like this:
tcpdump -i eth0 | awk '{print $1}'
Tcpdump seems to buffer output until quite a bit of data is received which is then all dumped to output in one load. Can this be removed to allow real time processing and printing of...
I have the following awk command followed by a pipe in a shell script. I've been advised using fflush can force immediate piping of data rather than buffering.
awk '{
gsub(/"/,"\\\"", $0);
for(i=7; i<=NF; i++){
if(substr($6,1,6)!="GetRes"){
if(substr($6,1,2)!="C=")
printf $i " " $6...
I want to substitute all instances of " symbol in a string with /" symbol, literally.
gsub(/\"/,"\\\"", $i);
Gives me \\" for each " but I can't find a way of just \"
Any ideas?
Cheers.
When I packet sniff my SNMP traffic the SNMP data type is always shown as GetResponse(number) or GetRequest(number), where 'number' is obviously an actual integer number.
What does this number represent?
Cheers.
I have an awk command similar to this:
echo this is a hello world | awk '{ for(i=3; i<=NF; i++){ print $i }}'
So as to print the final 3 words of the string - however print puts a line break after each one so I get:
a
hello
world
How do I suppress this so I get it all on one line?
Cheers.
Yup - that's exactly it, cheers.
Now any ideas how to cope when the $NF is a string containing double quotes " ?
The MySQL command messes up because it gets terminated early.
Cheers
Now you mention it, that does look quite good, however are we missing some sort of escape character?
Here is my shell:
tcpdump -i eth1 -s 1500 port snmp | awk '{print "insert into oids (OID) values ( " $NF " );"}' | mysql -u myuser -pmypass snmp_OIDs
And I get the error:
ERROR 1064...
I'm worried that I may need to write to the db quite regularly (up to a number of times a second) and creating a new connection to MySQL every time doesn't feel very nice.
I have tcpdump piping to an awk command and I want to write it to a MySQL database.
I'm not sure the best way of going about this, through shell scripting or perl. A constant connection to the MySQL db will be required as tcpdump is constantly listening on the wire as the piping takes place...
I'm piping the results of a tcpdump to a shell script where I need to strip out SNMP OIDs and log just these.
The tcpdump output looks something like this:
16:58:54.480137 IP 10.215.140.27.4513 > 10.215.189.91.snmp: GetRequest(28) 17.1.1
16:58:55.855419 IP 10.215.140.27.4514 >...
Cheers for the advice Annihilannic, can you point me in the direction of an easy way of putting such a shell script into perl? Can you just inject system calls like tcpdump and pipes through that?
Cheers.
Cheers Annihilannic,
That looks good, below is my shell script now to send off a trap when the regex is matched. However it seems unreliable - when I send data that I know matches the regex no trap gets sent for about 6 or 7 packets then on the 8th all 8 traps are sent together. It's like the...
Thanks for your help. In particular feherke, that looks good but what I think I really need is a switch statement.
When the script receives input from tcpdump I need it to fire off a particular SNMP packet, with the solution above the SNMP packets seem to alternate between one for ttl64 and...
I'm running tcpdump and piping the output into a shell script, I want to grep for a string within the packet and perform an action if I find a match.
How can I do stuff (write to file and execute a command) when a match is found?
So far I have:
#!/bin/bash
read -p 'Input:' in_stuff
grep 'ttl...
Mmm, I've looked at snort and the alarms it sends seem only capable of being logged - no direct execution of anything.
Something I'm missing with that? And/or any other ideas?
Cheers.