How can I output packets ASCII on each line? TSHARK AWK DOS

Time:10-14

I'm trying to make a batch script output each packet's ASCII on its own line in a text file. I'm using the Windows command prompt with tshark and awk.

Batch looks something like this.

@ECHO OFF
tshark -r "PCAP" --hexdump delimit | awk -f "awk script" >> "txt file path"

Output from tshark

0000  a5 70 5d ca 13 fe 00 d9 61 59 c7 95 08 00 45 00   .p].....aY....E.
0010  00 ac ec 80 40 00 80 06 00 00 0a 00 00 5e c6 f4   ...p@........^..
0020  c4 e2 c1 10 18 e1 e6 cc d3 f6 f9 48 c0 3f 50 18   ...........H.?P.
0030  11 00 9a d5 00 00 82 00 87 11 00 37 36 35 36 31   ...........76561
0040  31 39 38 34 33 39 33 35 33 38 33 33 20 00 62 34   192439253833 .b4
0050  65 61 30 33 30 63 35 31 39 63 33 30 63 30 66 36   ea035c515c30c0f6
0060  31 64 38 38 64 36 66 36 33 65 36 34 65 61 00 00   1d88d6f62e64ea..
0070  08 00 31 2e 30 2e 36 2e 31 37 05 00 57 69 6e 36   ..1.0.4.12..Win6
0080  34 c0 7e 04 22 07 00 55 4e 4b 4e 4f 57 4e 04 00   4.~."..UNKNOWN..
0090  42 41 44 31 20 00 66 38 38 35 35 32 31 33 34 66   BAD1 .f88552134f
00a0  64 63 31 37 61 33 32 32 37 31 32 62 30 35 34 65   dc17a322712b054e
00b0  33 31 32 36 32 63 00 00 00 00                     31262c....

If it helps, I can change the input to awk to look like this

0000  a8 70 5d ca 13 fe 00 d8 61 59 c7 95 08 00 45 00   |.p].....aY....E.|
0010  00 ac ec 70 40 00 80 06 00 00 0a 00 00 5e c6 f4   |...p@........^..|
0020  c8 e4 c2 18 17 e1 e6 cc d3 f6 f9 48 c0 3f 50 18   |...........H.?P.|
0030  10 00 9a d5 00 00 82 00 87 11 00 37 36 35 36 31   |...........72561|
0040  31 39 38 34 33 39 33 35 33 38 33 33 20 00 62 34   |198439343833 .b4|
0050  65 61 30 33 30 63 35 31 39 63 33 30 63 30 66 36   |ea030c519c30c0f6|
0060  31 64 38 38 64 36 66 36 33 65 36 34 65 61 00 00   |1d82d6f63e54ea..|
0070  08 00 31 2e 30 2e 36 2e 31 37 05 00 57 69 6e 36   |..1.0.6.17..Win6|
0080  34 c0 7e 04 22 07 00 55 4e 4b 4e 4f 57 4e 04 00   |4.~."..UNKNOWN..|
0090  42 41 44 31 20 00 66 38 38 35 35 32 31 33 34 66   |BAD1 .f88552134f|
00a0  64 63 31 37 61 33 32 32 37 31 32 62 30 35 34 65   |dc17a322712b054e|
00b0  33 31 32 36 32 63 00 00 00 00                     |31262c....| 

I would like this to be stored in a text file. Desired Output to text file.

.p].....aY....E....p@........^.............H.?P............72561198439343833 .b4ea030c519c30c0f61d88d6f62e64ea....1.0.6.17..Win64.~."..UNKNOWN..BAD1 .f88552134fdc17a322712b054e31262c....
.p].....aY....E....p@........^.............H.?P............72561198439343833 .b4ea030c519c30c0f61d88d6f62e64ea....1.0.6.17..Win64.~."..UNKNOWN..BAD1 .f88552134fdc17a322712b054e31262c....

CodePudding user response:

I would harness GNU AWK for this task in the following way. Let file.txt content be

0000  a5 70 5d ca 13 fe 00 d9 61 59 c7 95 08 00 45 00   .p].....aY....E.
0010  00 ac ec 80 40 00 80 06 00 00 0a 00 00 5e c6 f4   ...p@........^..
0020  c4 e2 c1 10 18 e1 e6 cc d3 f6 f9 48 c0 3f 50 18   ...........H.?P.
0030  11 00 9a d5 00 00 82 00 87 11 00 37 36 35 36 31   ...........76561
0040  31 39 38 34 33 39 33 35 33 38 33 33 20 00 62 34   192439253833 .b4
0050  65 61 30 33 30 63 35 31 39 63 33 30 63 30 66 36   ea035c515c30c0f6
0060  31 64 38 38 64 36 66 36 33 65 36 34 65 61 00 00   1d88d6f62e64ea..
0070  08 00 31 2e 30 2e 36 2e 31 37 05 00 57 69 6e 36   ..1.0.4.12..Win6
0080  34 c0 7e 04 22 07 00 55 4e 4b 4e 4f 57 4e 04 00   4.~."..UNKNOWN..
0090  42 41 44 31 20 00 66 38 38 35 35 32 31 33 34 66   BAD1 .f88552134f
00a0  64 63 31 37 61 33 32 32 37 31 32 62 30 35 34 65   dc17a322712b054e
00b0  33 31 32 36 32 63 00 00 00 00                     31262c....

then

awk 'BEGIN{ORS=""}{print substr($0,57)}' file.txt

gives output

.p].....aY....E....p@........^.............H.?P............76561192439253833 .b4ea035c515c30c0f61d88d6f62e64ea....1.0.4.12..Win64.~."..UNKNOWN..BAD1 .f88552134fdc17a322712b054e31262c....

Explanation: I inform GNU AWK that the output row separator (ORS) is an empty string, so nothing is appended when printing; then for each line I use the substr function to get the substring of the whole line ($0) starting at the 57th character and print it. If you want to know more about ORS, then read 8 Powerful Awk Built-in Variables – FS, OFS, RS, ORS, NR, NF, FILENAME, FNR

(tested in gawk 4.2.1)
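
Added example, not part of the original answer: the same column extraction applied to a capture with several packets, writing one line per packet as the question asks. It assumes the |-delimited form shown in the question and that a row at offset 0000 starts a new packet; packet_ascii and sample_dump are names made up here, and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: print one line of ASCII per packet from a tshark hex dump.
# Assumes `tshark -r FILE --hexdump delimit` output: each packet restarts at
# offset 0000 and the ASCII column is wrapped in |...|.
packet_ascii() {
  awk '
    # Hexdump rows only: 4 hex digits of offset, two spaces, and a "|" column.
    /^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]  / && index($0, "|") {
      # Offset 0000 opens a new packet, so flush the one collected so far.
      if ($1 == "0000" && seen) { print line; line = "" }
      seen = 1
      # Hex bytes never contain "|", so the first "|" opens the ASCII column.
      s = substr($0, index($0, "|") + 1)
      sub(/[ \t\r]+$/, "", s)  # trailing blanks and the CR of CRLF input
      sub(/\|$/, "", s)        # closing delimiter; a "|" inside the data stays
      line = line s
    }
    END { if (seen) print line }
  '
}

# Constructed sample input (not from the question): two short packets.
sample_dump() {
  cat <<'EOF'
0000  47 45 54 20 2f 61 7c 62 20 48 54 54 50 2f 31 2e   |GET /a|b HTTP/1.|
0010  31 0d 0a                                          |1..|

0000  68 69 20 20                                       |hi  |
EOF
}

# Stand-alone run: prints the two packet lines.
sample_dump | packet_ascii
```

On Windows cmd, single quotes do not quote the awk program, so save the text between the quotes to a file and pass it with awk -f, as the batch file in the question already does.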
