
I am extracting ASCII data from network packages captured by tcpdump. I have manipulated the data to the point where I have a single string and now need to cut it. The problem is that the leftover string has the package header followed by the ASCII data.

A string example is

+%_!^0r,zK"5÷fgf/Nametoextractanothernametoextracthostname1.1.1.12.1iwm876

Now the names to extract can change and be different. The hostname is the variable I am using as a constant. I want to add a delimiter in front of the hostname so I can then use cut to remove the junk at the end of the string.

An example of the desired result would be

+%_!^0r,zK"5÷fgf/Nametoextractanothernametoextract:hostname1.1.1.12.1iwm876

So I can then use cut to get this output:

Nametoextract anothernametoextract
  • Given Nametoextract can be different, how do you expect to delimit it? Or is that not part of the question? Commented Oct 19, 2017 at 0:00
  • Right now the name to extract is being printed in the same line as the othername. For this question I am wondering how to get the : in front of the host name. Commented Oct 19, 2017 at 0:03
  • awk -F'[/|.]' '{gsub(/hostname[[:digit:]]/,""); print $2}' Commented Oct 19, 2017 at 0:04
  • Yup, that worked for one of the packet capture files. It left a 0 at the end of the trailing. On the other (similar format, the hostname changed only) I am getting numeric output of 66 only. I gave the code a go on another project and it filled a gap I had. Thanks so much. Commented Oct 19, 2017 at 0:21
  • I missed an * after [[:digit:]] to match more than one... Commented Oct 19, 2017 at 0:32

1 Answer


The trailing part seems to be easy, just remove from the 'hostname' (and a number) on:

$ a='+%_!^0r,zK"5÷fgf/Nametoextractanothernametoextracthostname1.1.1.12.1iwm876'

$ echo "${a%hostname[0-9]*}"

+%_!^0r,zK"5÷fgf/Nametoextractanothernametoextract
  • Yep, this did the trick. Works with both of my packet capture files. Thank you so much. Commented Oct 19, 2017 at 0:22
  • @ltstrom Maybe you should read this: What should I do when I get a correct answer Commented Oct 19, 2017 at 0:26
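
The suffix removal from the answer, extended as an added example (not part of the original posts) to insert the `:` delimiter the question asks for and to return the text between the header and the hostname. It assumes the header ends at the last `/` before the names, as in the sample string; the function names `mark_host` and `extract_names` are hypothetical.

```shell
#!/bin/sh
# Added example. Payload text comes off the wire, so every expansion is
# quoted and printf is used instead of echo.
LC_ALL=C; export LC_ALL        # match bytes, not locale-dependent characters

# mark_host LINE: print LINE with ':' inserted before the last
# "hostname<digit>". Returns 1 if no hostname marker is present.
mark_host() {
    line=$1
    front=${line%hostname[0-9]*}    # shortest suffix match = last occurrence
    # A failed match leaves the string unchanged; report it, don't guess.
    [ "$front" != "$line" ] || return 1
    rest=${line#"$front"}           # quoted, so $front is literal, not a pattern
    printf '%s:%s\n' "$front" "$rest"
}

# extract_names LINE: print the text between the header and the hostname.
# Assumption: the header ends at the last '/' before the names.
# cut -d: is avoided because the binary header may itself contain ':'.
extract_names() {
    marked=$(mark_host "$1") || return 1
    names=${marked%:hostname[0-9]*}  # drop the delimiter and the trailer
    printf '%s\n' "${names##*/}"     # drop the header up to the last '/'
}

# Constructed input: the sample string from the question.
sample='+%_!^0r,zK"5÷fgf/Nametoextractanothernametoextracthostname1.1.1.12.1iwm876'
extract_names "$sample"    # -> Nametoextractanothernametoextract
```

A line without a `hostname<digit>` marker makes both functions return 1 with no output, so a calling loop can skip or log it rather than pass header bytes downstream.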
