h**o Posts: 548 | 1 suppose the format of snoop.txt is:
.......
17 0.00253 ps2.bytemobile.com -> dev-x4200m2-02-z07-172 HTTP HTTP/1.1 200
OK
0: 0014 4f01 e6fb 0016 367e c798 0800 4500 ..O.....6~....E.
16: 023b 1f9e 4000 3f06 b9e4 ac10 0112 ac16 .;..@.?.........
32: 0702 0050 63a0 8321 00c6 7d7f e6e5 5018 ...Pc..!..}...P.
.........
160: 2e36 0d0a 5365 742d 436f 6f6b 6965 3a20 .6..Set-Cookie:
176: 626d 692d 636f 6f6b 6965 2d64 6174 613d cookie-data=
192: 3132 3334 3 |
g*****e Posts: 87 | 2 You can open the snoop file with wireshark and use Lua to script the data
extraction, or you can export the packet capture from wireshark to different text-based
formats and write a script to parse it. |
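h**o Posts: 548 | 3 I want to write a program (shell or perl) that checks whether the snoop output contains the string I am looking for, not look for it by eye. So wireshark and ethereal are both unsuitable for me.
Suppose my snoop capture is a.snoop; the snoop.txt I mentioned above is what I got with
snoop -i a.snoop -x0 > snoop.txt
But the readable text in snoop.txt is in the rightmost column, so I would still have to extract the readable text somehow and then search it for my string. That is a hassle.
I have now thought of another approach:
snoop -i a.snoop -v > a1.txt
This way I can get the packet header information from a1.txt (and the string I am looking for should be in the HTTP header). For example: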
TCP: No options
TCP:
HTTP: ----- HyperText Transfer Protocol -----
HTTP:
HTTP: GET /beast_uns/index.php HTTP/1.0
HTTP: User-Agent: Wget/1.11.1 (Red Hat modified)
HTTP: Accept:
[Quoting g*****e's post]
: You can open the snoop file with wireshark and use Lua to script the data
: extraction, or you can export the packet capture from wireshark to different text based
: formats and write script to parse it.
|
k***r Posts: 4260 | 4 There is a unix command that splits text into columns and only
keeps the columns you need, but I forget what that is ...
Worst case is to write a simple python script. Probably
less than 10 lines.
200
[Quoting h**o's post]
: suppose the format of snoop.txt is:
: .......
: 17 0.00253 ps2.bytemobile.com -> dev-x4200m2-02-z07-172 HTTP HTTP/1.1 200
: OK
: 0: 0014 4f01 e6fb 0016 367e c798 0800 4500 ..O.....6~....E.
: 16: 023b 1f9e 4000 3f06 b9e4 ac10 0112 ac16 .;..@.?.........
: 32: 0702 0050 63a0 8321 00c6 7d7f e6e5 5018 ...Pc..!..}...P.
: .........
: 160: 2e36 0d0a 5365 742d 436f 6f6b 6965 3a20 .6..Set-Cookie:
: 176: 626d 692d 636f 6f6b 6965 2d64 6174 613d cookie-data=
|
h**o Posts: 548 | 5 Thanks, you are talking about
cut -d' ' -f
[Quoting k***r's post]
: There is a unix command that split text in columns and only
: keep the columns you need but i forget what that is ...
: Worst case is to write a simple python script. Probably
: less than 10 lines.
:
: 200
|
k***r Posts: 4260 | 6 yes!
[Quoting h**o's post]
: Thanks you are talking about
: cut -d' ' -f
|
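Added example, not part of any post in this thread: a Python sketch of the "simple python script" route for the `snoop -x0` text. It rebuilds each packet's bytes from the hex columns instead of the right-hand text column, so a string that straddles two 16-byte rows is still found. The names `packets` and `find_string` and the sample are constructed here (two hex rows are reused from the first post with offsets renumbered), and it assumes the raw output puts at least two spaces before the text column.

```python
import re

# One dump row: "<offset>: <up to 8 hex groups>  <text column>".
# Assumption: at least two spaces precede the text column in the raw output.
_G = r"(?:[0-9a-f]{4}|[0-9a-f]{2})"
HEX_ROW = re.compile(rf"^\s*\d+:\s+({_G}(?: {_G}){{0,7}})(?:\s|$)", re.I)
# Packet summary row: "<packet number> <delta time> <src> -> <dst> ..."
SUMMARY = re.compile(r"^\s*(\d+)\s+\d+\.\d+\s")


def packets(lines):
    """Yield (packet_number, raw_bytes) rebuilt from the hex columns."""
    number, data = None, bytearray()
    for line in lines:
        row = HEX_ROW.match(line)
        if row:
            data += bytes.fromhex(row.group(1).replace(" ", ""))
            continue
        summary = SUMMARY.match(line)
        if summary:
            if data:  # a new summary row closes the previous packet
                yield number, bytes(data)
            number, data = int(summary.group(1)), bytearray()
    if data:
        yield number, bytes(data)


def find_string(lines, needle):
    """Return the numbers of the packets whose bytes contain `needle`."""
    wanted = needle.encode("latin-1")
    return [n for n, raw in packets(lines) if wanted in raw]


# Constructed sample in the layout of `snoop -i a.snoop -x0` output.
SAMPLE = """\
 17   0.00253 ps2.bytemobile.com -> dev-x4200m2-02-z07-172 HTTP HTTP/1.1 200 OK
           0: 2e36 0d0a 5365 742d 436f 6f6b 6965 3a20    .6..Set-Cookie:
          16: 626d 692d 636f 6f6b 6965 2d64 6174 613d    bmi-cookie-data=
          32: 3132 3334 35                               12345

 18   0.00010 dev-x4200m2-02-z07-172 -> ps2.bytemobile.com TCP D=80 S=25504
           0: 4745 5420 2f20 4854 5450                   GET / HTTP
""".splitlines()

if __name__ == "__main__":
    print(find_string(SAMPLE, "Set-Cookie: bmi-cookie-data=12345"))
```

A per-line grep or `cut` on the text column misses this match because the header name and its value sit on different rows, and the text column shows every non-printable byte as a dot.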