|
EtherealRe: [Ethereal-dev] tethereal irritation |
|
||
|
|
EtherealRe: [Ethereal-dev] tethereal irritation |
|
||
Thanks, I will try that. Kevin
On Thursday, Jan 23, 2003, at 17:41 US/Eastern, Jaime Fournier wrote:
Yeah I ran into that problem as well using awk. The easier way to do it, imho, is to use the -z option to print out any variables you desire to see on COL_INFO. For example to see the dcerpc.time I use tethereal -z "proto,colinfo,dcerpc.time,dcerpc.time" This will append "dcerpc.time == 0.0000343" to my COL_INFO. No doubt much easier. And you can also have multiple -z statements. So I actually end up with a very long command line of -z "..." -z "..." etc.
Hope that helps.
--- kem <kem2@xxxxxxx> wrote:Trying to run awk against the output from tethereal -V to pull selected fields out of a given frame. I am specifying the Field Separator as newline and the Record Separator as blank line: BEGIN { FS = "\n"; RS = "" } { print $1, $2, $3 }
The problem is there is an empty line before the data field on frames that have data. There does not seem to be any consistent end of frame text I can use as the RS.
Would it be possible to either remove the space from before the data field or put some end of record indicator at the end of the frame output?
Thanks Kevin mason
_______________________________________________ Ethereal-dev mailing list Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
===== Jaime Fournier
__________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com _______________________________________________ Ethereal-dev mailing list Ethereal-dev@xxxxxxxxxxxx http://www.ethereal.com/mailman/listinfo/ethereal-dev
Powered by MHonArc 2.6.10