i want to run tshark for a live capture of my internet traffic my goal is to save the captures in json files in a folder now i'm using :
tshark -P -i 4 -w outfile.pcap
The prolem with this cxommand is that the output file is one gigantic file that i can't use while tshark is running and it's not json .
The -T json option instructs tshark to output JSON:
tshark -T json -i 4 > outfile.json
Related
I have output.txt file, where my script is storing some outputs, I just need to get the output of ID which is in the 1st line of the output.txt in myscript.sh file, can someone suggest a way to do that
{"id":"**dad04f6d-4e06-4420-b0bc-cb2dcfee2dcf**","name":"new","url":"https://dev.azure.com/vishalmishra2424/82c93136-470c-4be0-b6da-a8234f49a695/_apis/git/repositories/dad04f6d-4e06-4420-b0bc-cb2dcfee2dcf","project":{"id":"82c93136-470c-4be0-b6da-a8234f49a695","name":"vishalmishra","url":"https://dev.azure.com/vishalmishra2424/_apis/projects/82c93136-470c-4be0-b6da-a8234f49a695","state":"wellFormed","revision":12,"visibility":"public","lastUpdateTime":"2021-04-22T14:24:47.2Z"},"size":0,"remoteUrl":"https://vishalmishra2424#dev.azure.com/vishalmishra2424/vishalmishra/_git/new","sshUrl":"git#ssh.dev.azure.com:v3/vishalmishra2424/vishalmishra/new","webUrl":"https://dev.azure.com/vishalmishra2424/vishalmishra/_git/new","isDisabled":false}
The snippet you posted looks like
JSON and a utility named file
which can guess different types of file says that too:
$ file output.txt
output.txt: JSON data
You should use JSON-aware tools to extract value of id, for example
jq:
$ jq -r '.id' output.txt
**dad04f6d-4e06-4420-b0bc-cb2dcfee2dcf**
or jshon:
$ jshon -e id < output.txt
"**dad04f6d-4e06-4420-b0bc-cb2dcfee2dcf**"
I am running a puppet bolt command query certain information from a set of servers in json format. I am piping it to jq.. Below is what I get
$ bolt command run "cat /blah/blah" -n #hname.txt -u uid --no-host-key-check --format json |jq -jr '.items[]|[.node],[.result.stdout]'
[
"node-name"
][
"stdout data\n"
]
What do I need to do to make it appear like below
["nodename":"stdout data"]
If you really want output that is not valid JSON, you will have to construct the output string, which can easily be done using string interpolation, e.g.:
jq -r '.items[] | "[\"\(.node)\",\"\(.result.stdout)\"]"'
#peak thank you.. that helped. Below is how it looks like
$ bolt command run "cat /blah/blah" -n #hname.txt -u UID --no-host-key-check --format json |jq -r '.items[] | "[\"\(.node)\",\"\(.result.stdout)\"]"'
["node name","stdout data
"]
I used a work around to get the data I needed by using the #csv flag to the command itself. Sharing with you below what worked.
$ bolt command run "cat /blah/blah" -n #hname.txt -u uid --no-host-key-check --format json |jq -jr '.items[]|[.node],[.result.stdout]|#csv'
""node-name""stdout.data
"
When i give the URL (http://192.168.150.41:8080/filereport/31779/json/) in browser, It automatically downloads the file as 31779_report.json.
Now using i'm trying to download the file using curl but i get the following error.
$ curl -O http://192.168.150.41:8080/filereport/31779/json/
curl: Remote file name has no length!
curl: try 'curl --help' or 'curl --manual' for more information
When using the '-L' switch , I get the JSON content displayed but the file is not saved.
$curl -L http://192.168.150.41:8080/filereport/31779/json/
{
.....
.....
}
How to download the exact file "31779_report.json" using cURL / wget ?
I don't want the contents to be redirected (>) manually to a file (31779_report.json).
Any suggestions please ?
The -O flag of curl tries to use the remote name of the file, but because your URL schema does not end with a filename, it can not do this. The -o flag (lower-case o) can be used to specify a file name manually without redirecting STDOUT like so:
curl <address> -o filename.json
You can manually construct the filename format you want using awk. For example:
URL=http://192.168.150.41:8080/filereport/31779/json/
file_number=$(echo $URL | awk -F/ '{print $(NF-2)}')
file_name="${file_number}_report.json"
curl -L "$URL" -o "$file_name"
Hope this is more helpful.
wget --content-disposition did the trick for me (https://askubuntu.com/a/77713/18665)
$ wget --content-disposition https://www.archlinux.org/packages/core/x86_64/lib32-glibc/download/
...
Saving to: 'lib32-glibc-2.33-4-x86_64.pkg.tar.zst'
Compare to curl:
$ curl -LO https://www.archlinux.org/packages/core/x86_64/lib32-glibc/download/
curl: Remote file name has no length!
curl: (23) Failed writing received data to disk/application
And wget without --content-disposition:
$ wget https://www.archlinux.org/packages/core/x86_64/lib32-glibc/download/
...
Saving to: 'index.html'
I am trying to programmatically capture a stream of packets by using Tshark. The simplified terminal command I am using is:
tshark -i 2 -w output.pcap
This is pretty straightforward, but I then need to get a .csv file in order to easily analyze the information captured.
By opening the .pcap file in Wireshark and exporting it in .csv what I get is a file structured as follows:
"No.","Time","Source","Destination","Protocol","Length","Info"
but,again, I need to do this in an automatic way. So I tried using the command:
tshark -r output.pcap -T fields -e frame.number -e ip.src -e ip.dst -e frame.len -e frame.time -e frame.time_relative -E header=y -E separator=, > output.csv
but I can not find anywhere the name of the "Info" field I get when manually exporting the .csv.
Any ideas? Thanks!
Yes, you can if you use the latest Development Release.
See Wireshark Bug 2892.
Download the Development Release Version 1.9.0.
Use the following command:
$ tshark -i 2 -T fields -e frame.time -e col.Info
Output
Feb 28, 2013 20:58:24.604635000 Who has 10.10.128.203? Tell 10.10.128.1
Feb 28, 2013 20:58:24.678963000 Who has 10.10.128.163? Tell 10.10.128.1
Note
-e col.Info,
Use capital I
How about directly exporting the packets to a csv file.
sudo tshark > fileName.csv
I want to convert the output of ifstat command into JSON and serve it over http on the fly to be used for a javascript graph app. Are there any lightweight -- sed or awk -- command-line solutions which I can use? I do not want to store JSON output on the disk and it would be good if the web-server was a small lightweight command line tool into which I can pipe JSON output.
EDIT 1:
This is the live streaming chart library which will use the data. I'm not keen on a specific web server; any webserver that does the job would be fine.
This is what I have tried.
Terminal #1
ifstat -n | awk 'NR>2{print systime(),$0; fflush()}' | tee ifstat.log
Terminal #2
while :
do
{
echo -e "HTTP/1.1 200 OK"
echo -e "Content-Type: application/json\n"
tail -n1 ifstat.log | awk '{ printf("{\"time\":%s, \"in\":%s, \"out\":%s}\n", $1, $2, $3) }'
} | nc -l 8000
done
firefox
open: http://localhost:8000
{"time":1332052321, "in":1.24, "out":2.62}
I know little about JSON. Maybe the output is invalid. You should rewrite the awk command.