Simple script to match "type" "value" fields 1

[desperado618]

Below is a sample VPN packet that has fixed byte positions with a space delimiter. I would like to print the "type" and "value" matches to the screen. For example. Using the packet below i would like to print the following:

enc type is 3des
hash type is sha1
auth type is preshare
group type is modp1024
life type is sec
lifeduration is 0348

Any information would be greaty appreciated.
Also I would like this done with a bash script.

14:28:20.032075 172.26.60.3.500 > 172.26.70.2.500: [udp sum ok] isakmp 1.0 msgid 00000000
cookie 0b47e3d3f56281ff->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)
(type=group desc value=modp1024)(type=auth value=preshared)
(type=lifetype value=sec)(type=lifeduration value=0384))))


What ive tried:
Im still fairly new to scripting and tried greping the contents which works when there is only 1 type/value. I believe a CASE command or possibly an if/else/then would work but im not certain how to designate the byte position or delimiter for the output since there is no limit to the number of TYPES that can be included.

 

[ZaSter]

How about this?

$ egrep -o "type=\w+ |value=\w+" inputfile | xargs -n2 | sed 's/type=//;s/value=/is /'
enc is 3des
hash is sha1
group is modp1024
auth is preshared
lifetype is sec
lifeduration is 0384

- ZaSter -

 

[desperado618]

Great thanks...Ill give this a try and post an update


Thanks again.

 

[desperado618]

The test works great however I do have a question about the -n2. At any given time there may be as little as 0 and as many as 20 type/value combinations in the packet. Will the -n2 limit it to only 2 results?

 

[Annihilannic]

In the example data you provided there were 6 type/value combinations, so it seems to work fine, no?

The egrep -o option is new to me, thanks for that tip ZaSter. Unfortunately it's GNU specific, but useful nonetheless!

Annihilannic.

 

[desperado618]

The command
$ egrep -o "type=\w+ |value=\w+" inputfile | xargs -n2 | sed 's/type=//;s/value=/is /'
Pulls out all of the type/value entries however the Sed substitution only runs once...My output is as follows:

enc is 3des type=hash value=sha1 type=auth value=preshared type=group value=modp1024 type=lifetype value=sec type=lifeduration value=2328

As you can see on the first type/value has the correct format.
Can someone provide me with a way to get SED to loop or read all of the input?

 

[Annihilannic]

Hmm... something funny going on there.

Does xargs behave like this on your system?

[tt]$ echo one two three four five | xargs -n2
one two
three four
five
$[/tt]

What OS are you on? Does xargs --version give you a version number?

Annihilannic.

 

[desperado618]

Fixed....Added g after delimiter.
$ egrep -o "type=\w+ |value=\w+" inputfile | xargs | sed 's/type=//g;s/value=/is /g'

Thanks again.

 

[Annihilannic]

An alternative, if you want the output on separate lines like you originally requested:

[tt]egrep -o "type=\w+ |value=\w+" inputfile | awk -F= '{t=$2; getline;print t"is "$2}'[/tt]

Annihilannic.