Search results for query: *

  1. paulobrads

    Removing tcpdump buffering when piping output

    Actually - that does work if I also fflush the input to the awk. Cheers.
  2. paulobrads

    Removing tcpdump buffering when piping output

    Yeah, thanks for that but already tried that but doesn't seem to make any difference. Any other ideas?
  3. paulobrads

    Removing tcpdump buffering when piping output

    I'm piping the output of tcpdump to an awk command. Something like this: tcpdump -i eth0 | awk '{print $1}' Tcpdump seems to buffer output until quite a bit of data is received which is then all dumped to output in one load. Can this be removed to allow real time processing and printing of...
  4. paulobrads

    Using fflush to force pipe output

    I have the following awk command followed by a pipe in a shell script. I've been advised using fflush can force immediate piping of data rather than buffering. awk '{ gsub(/"/,"\\\"", $0); for(i=7; i<=NF; i++){ if(substr($6,1,6)!="GetRes"){ if(substr($6,1,2)!="C=") printf $i " " $6...
  5. paulobrads

    gsub escape character problem

    That's the beast. Cheers.
  6. paulobrads

    gsub escape character problem

    Afraid not, that slash is the wrong way round, I want to actually insert an escape character - \
  7. paulobrads

    gsub escape character problem

    I want to substitute all instances of " symbol in a string with /" symbol, literally. gsub(/\"/,"\\\"", $i); Gives me \\" for each " but I can't find a way of just \" Any ideas? Cheers.
  8. paulobrads

    Packet sniff shows GetResponse(n) - what is n?

    When I packet sniff my SNMP traffic the SNMP data type is always shown as GetResponse(number) or GetRequest(number), where 'number' is obviously an actual integer number. What does this number represent? Cheers.
  9. paulobrads

    Use 'print' but suppress line break?

    I have an awk command similar to this: echo this is a hello world | awk '{ for(i=3; i<=NF; i++){ print $i }}' So as to print the final 3 words of the string - however print puts a line break after each one so I get: a hello world How do I suppress this so I get it all on one line? Cheers.
  10. paulobrads

    Awk a string followed by write to MySQL?

    Yup - that's exactly it, cheers. Now any ideas how to cope when the $NF is a string containing double quotes " ? The MySQL command messes up because it gets terminated early. Cheers
  11. paulobrads

    Awk a string followed by write to MySQL?

    Now you mention it, that does look quite good, however are we missing some sort of escape character? Here is my shell: tcpdump -i eth1 -s 1500 port snmp | awk '{print "insert into oids (OID) values ( " $NF " );"}' | mysql -u myuser -pmypass snmp_OIDs And I get the error: ERROR 1064...
  12. paulobrads

    Awk a string followed by write to MySQL?

    I'm worried that I may need to write to the db quite regularly (up to a number of times a second) and creating a new connection to MySQL every time doesn't feel very nice.
  13. paulobrads

    Awk a string followed by write to MySQL?

    I have tcpdump piping to an awk command and I want to write it to a MySQL database. I'm not sure the best way of going about this, through shell scripting or perl. A constant connection to the MySQL db will be required as tcpdump is constantly listening on the wire as the piping takes place...
  14. paulobrads

    Regex and/or tokenizing shell script newbie - please help

    I'm piping the results of a tcpdump to a shell script where I need to strip out SNMP OIDs and log just these. The tcpdump output looks something like this: 16:58:54.480137 IP 10.215.140.27.4513 > 10.215.189.91.snmp: GetRequest(28) 17.1.1 16:58:55.855419 IP 10.215.140.27.4514 >...
  15. paulobrads

    Loop results of grep and perform action

    Cheers for the advice Annihilannic, can you point me in the direction of an easy way of putting such a shell script into perl? Can you just inject system calls like tcpdump and pipes through that? Cheers.
  16. paulobrads

    Loop results of grep and perform action

    Cheers Annihilannic, That looks good, below is my shell script now to send off a trap when the regex is matched. However it seems unreliable - when I send data that I know matches the regex no trap gets sent for about 6 or 7 packets then on the 8th all 8 traps are sent together. It's like the...
  17. paulobrads

    Loop results of grep and perform action

    Thanks for your help. In particular feherke, that looks good but what I think I really need is a switch statement. When the script receives input from tcpdump I need it to fire off a particular SNMP packet, with the solution above the SNMP packets seem to alternate between one for ttl64 and...
  18. paulobrads

    Loop results of grep and perform action

    Thanks, that's great. My shell script now looks like this: #!/bin/bash grep 'ttl 64' -q && sudo snmptrap -v 1 -c private 127.0.0.1 1.3.6.1.4.1.2011.0.6.4 "" 6 23 "" grep 'ttl 128' -q && sudo snmptrap -v 1 -c private 127.0.0.1 1.3.6.1.4.1.2011.1.2.8 "" 6 23 "" You can see I fire a different...
  19. paulobrads

    Loop results of grep and perform action

    I'm running tcpdump and piping the output into a shell script, I want to grep for a string within the packet and perform an action if I find a match. How can I do stuff (write to file and execute a command) when a match is found? So far I have: #!/bin/bash read -p 'Input:' in_stuff grep 'ttl...
  20. paulobrads

    Trigger an event on spotting certain packets?

    Mmm, I've looked at snort and the alarms it sends seem only capable of being logged - no direct execution of anything. Something I'm missing with that? And/or any other ideas? Cheers.
