Gentoo Forums
Bizarre experience with awk - doesn't work with pipes....
OdinsDream
Veteran


Joined: 01 Jun 2002
Posts: 1057

Posted: Tue Apr 22, 2003 4:25 am    Post subject: Bizarre experience with awk - doesn't work with pipes....

I'm attempting to pass the output of a tethereal session through awk to tease out fields I'm interested in. This works:


$ tethereal options > packets_captured
$ awk '{print $2}' packets_captured


It prints out the information I need. However, I need to be doing this as the packets are captured and displayed, so I tried what seems equivalent:


$ tethereal options | awk '{print $2}'

This just prints "Capturing on eth0", and nothing. I've verified that information is flowing, but it just doesn't seem to pass through awk.

What am I doing wrong here?
_________________
s/(?<!gnu\/)linux(?! kernel)/GNU\/Linux/gi

Don't blame me. I didn't vote for him.

http://john.simplykiwi.com
seang
Tux's lil' helper


Joined: 18 Jun 2002
Posts: 88
Location: France

Posted: Tue Apr 22, 2003 6:19 am

To utter those immortal (and not overly helpful...) words: it works for me!

The only thing I can think of: what tethereal options do you use? I tried it with none at all.
OdinsDream
Veteran


Joined: 01 Jun 2002
Posts: 1057

Posted: Wed Apr 23, 2003 4:10 pm

seang wrote:
To utter those immortal (and not overly helpful...) words: it works for me!

The only thing I can think of: what tethereal options do you use? I tried it with none at all.


Code:

tethereal -i eth0 -R "aim.fnac.family == 4 && (aim.fnac.subtype == 6 || aim.fnac.subtype == 7)" "tcp port 5190" | awk -F"AIM Message " '{print $2}'


In theory should split the output, like:
Code:

Capturing on eth0
 10.469012 155.47.25.94 -> 205.188.8.48 AIM Message to: Screenname -> hi


based on the field separator: "AIM Message ", so the 2nd half of this would end up being:
Code:

to: Screenname -> hi


Which, it should print....
seang
Tux's lil' helper


Joined: 18 Jun 2002
Posts: 88
Location: France

Posted: Fri Apr 25, 2003 6:30 am

You've got me interested!! I tried a simpler version of a filter as:
Code:
tethereal -i eth0  "tcp port 80"

which of course spits out the web traffic.

I then feed that through awk with:
Code:
tethereal -i eth0  "tcp port 80"  |awk -F"HTTP GET " '{print $2}'


and get what I (and you!) would expect, e.g.:
Code:
/us.yimg.com/i/my/top7.gif HTTP/1.1
/us.yimg.com/i/spacer.gif HTTP/1.1
/eur.yimg.com/i//de/icon/m/nws.gif HTTP/1.1


Your filter is of course fancier, but I assume that it works fine, so what's up here? Well frankly, I can't see :P But one additional thought springs to mind: you know your filter works, and you know the awk expression works - how about a failsafe check that guarantees that when you run the two together you are indeed getting matches on the filter? I'm just speculating wildly that maybe during the tests nothing matches? So something like:
Code:
tethereal -i eth0 -R "aim.fnac.family == 4 && (aim.fnac.subtype == 6 || aim.fnac.subtype == 7)" "tcp port 5190" | tee full.log | awk -F"AIM Message " '{print $2}'

and then check full.log to be certain that during that run you did have correct data?

I admit this is a pretty thin suggestion, but it's all I can think of! I'd love to know what the solution is to this.
OdinsDream
Veteran


Joined: 01 Jun 2002
Posts: 1057

Posted: Fri Apr 25, 2003 11:50 pm

Apparently the -R option, which specifies the display filters to use, affects the use of awk.

If I omit this part of my command, I get the expected output.

Code:

tethereal -i eth0 "tcp port 5190" | awk -F"AIM Message " '{print $2}'


This does work, but I also get tons of whitespace, which is happening when other AIM data flows through awk, besides simply the conversations. How can I filter this out?
seang
Tux's lil' helper


Joined: 18 Jun 2002
Posts: 88
Location: France

Posted: Mon Apr 28, 2003 7:56 am

Now that one I know (although it may not be the most awk'ly elegant way to do it):

Change your
Quote:
tethereal -i eth0 "tcp port 5190" | awk -F"AIM Message " '{print $2}'


to (say)
Quote:
tethereal -i eth0 "tcp port 5190" | awk -F"AIM Message " '/AIM Message/ {print $2}'


i.e. add in the match via /AIM Message/

Sean
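
Added example (not part of the thread, and not any poster's code): the awk stages discussed above, run over a constructed capture so the blank lines and the effect of the /AIM Message/ pattern can be reproduced offline. The sample lines beyond the two quoted in the thread, the function names, and the NF > 1 variant are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample input: the first two lines are the output quoted in the
# thread; the remaining lines are made-up non-message traffic.
sample_capture() {
cat <<'EOF'
Capturing on eth0
 10.469012 155.47.25.94 -> 205.188.8.48 AIM Message to: Screenname -> hi
 10.512300 205.188.8.48 -> 155.47.25.94 TCP 5190 > 1025 [ACK] Seq=1 Ack=2 Win=16384 Len=0
 11.002100 155.47.25.94 -> 205.188.8.48 AIM Message to: Otherperson -> hello
 11.100000 155.47.25.94 -> 205.188.8.48 AIM Keep Alive
EOF
}

# Awk stage from the original command: the action runs on every input line,
# and a line without the separator has an empty $2, so a blank line is printed.
unfiltered() {
    sample_capture | awk -F"AIM Message " '{print $2}'
}

# seang's version: the pattern restricts the action to lines that match it.
filtered() {
    sample_capture | awk -F"AIM Message " '/AIM Message/ {print $2}'
}

# Variant (an addition): NF > 1 is true only when the separator itself split
# the line, so the test and the separator cannot drift apart.
by_field_count() {
    sample_capture | awk -F"AIM Message " 'NF > 1 {print $2}'
}

# seang's tee check: keep the raw stream in a log file ($1) while awk filters
# it, so the log shows what actually reached the pipe.
filtered_with_log() {
    sample_capture | tee "$1" | awk -F"AIM Message " '/AIM Message/ {print $2}'
}

echo "unfiltered: $(unfiltered | wc -l) lines, $(unfiltered | grep -c '^$') blank"
echo "filtered:"
filtered
```
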