batch-file awk tshark

How can I output packets ASCII on each line? TSHARK AWK DOS


I'm trying to make a batch script output each packet's ASCII on its own line in a text file. I'm using Windows command prompt with tshark and awk.

Batch looks something like this. I want the script below

@ECHO OFF
tshark -r "PCAP" --hexdump delimit | awk -f "awk script" >> "txt file path"

Output from tshark

0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   .p].....cY....d.
0010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ...dd........^..
0020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ...........H.2P.
0030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ...........76561
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   1942342342334.b4
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ea042342344  0f6
0060  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   1d8800000000ea..
0070  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ..45345343534in6
0080  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   4.~3453535353N..
0090  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   2323221 .353134f
00a0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   dc534234234b054e
00b0  00 00 00 00 00 00 00 00 00 00                     3124342c....

I would like this to be stored in a text file. Desired Output to text file.

.p].....cY....d....dd........^.............H.2P.1942342342334.b4
.p].....cY....d....dd........^.............H.2P.1942342342334.b4
.p].....cY....d....dd........^.............H.2P.1942342342334.b4
.p].....cY....d....dd........^.............H.2P.1942342342334.b4


Solution

  • I would harness GNU AWK for this task in the following way. Let file.txt content be

    0000  a5 70 5d ca 13 fe 00 d9 61 59 c7 95 08 00 45 00   .p].....aY....E.
    0010  00 ac ec 80 40 00 80 06 00 00 0a 00 00 5e c6 f4   ...p@........^..
    0020  c4 e2 c1 10 18 e1 e6 cc d3 f6 f9 48 c0 3f 50 18   ...........H.?P.
    0030  11 00 9a d5 00 00 82 00 87 11 00 37 36 35 36 31   ...........76561
    0040  31 39 38 34 33 39 33 35 33 38 33 33 20 00 62 34   192439253833 .b4
    0050  65 61 30 33 30 63 35 31 39 63 33 30 63 30 66 36   ea035c515c30c0f6
    0060  31 64 38 38 64 36 66 36 33 65 36 34 65 61 00 00   1d88d6f62e64ea..
    0070  08 00 31 2e 30 2e 36 2e 31 37 05 00 57 69 6e 36   ..1.0.4.12..Win6
    0080  34 c0 7e 04 22 07 00 55 4e 4b 4e 4f 57 4e 04 00   4.~."..UNKNOWN..
    0090  42 41 44 31 20 00 66 38 38 35 35 32 31 33 34 66   BAD1 .f88552134f
    00a0  64 63 31 37 61 33 32 32 37 31 32 62 30 35 34 65   dc17a322712b054e
    00b0  33 31 32 36 32 63 00 00 00 00                     31262c....
    

    then

    awk 'BEGIN{ORS=""}{print substr($0,57)}' file.txt
    

    gives output

    .p].....aY....E....p@........^.............H.?P............76561192439253833 .b4ea035c515c30c0f61d88d6f62e64ea....1.0.4.12..Win64.~."..UNKNOWN..BAD1 .f88552134fdc17a322712b054e31262c....
    

    Explanation: I inform GNU AWK that the output row separator (ORS) is an empty string, so nothing is appended when printing, then for each line I use the substr function to get the substring of the whole line ($0) starting at the 57th character and print it. If you want to know more about ORS then read 8 Powerful Awk Built-in Variables – FS, OFS, RS, ORS, NR, NF, FILENAME, FNR

    (tested in gawk 4.2.1)
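
The one-liner above joins every row of the dump into a single line; producing one line per packet, as the question asks, means flushing the collected ASCII at each packet boundary. This is an added example, not part of the answer. It assumes that each packet's dump is followed by a blank line and that the ASCII column starts at character 57 as in the sample. `ascii_per_packet`, `row` and `sample_dump` are names made up here, and the sample rows are constructed.

```shell
# Added example: one output line per packet from a tshark hex dump.
# Assumptions: dump rows look like "OFFS  <hex byte columns>   ASCII" with the
# ASCII text starting at column 57, and packets are separated by a blank line.
ascii_per_packet() {
  awk '
    { sub(/\r$/, "") }                    # drop a trailing CR (CRLF input on Windows)
    /^[0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]  / {
      buf = buf substr($0, 57)            # keep only the ASCII column of this row
      have = 1
      next
    }
    /^[ \t]*$/ {                          # blank line marks the end of a packet
      if (have) { print buf; buf = ""; have = 0 }
      next
    }
    # any other line is ignored
    END { if (have) print buf }           # last packet when no blank line follows
  '
}

# Constructed sample: two small packets laid out like the dump on this page.
# row OFFSET HEXBYTES ASCII pads the hex column to 47 characters so the ASCII
# text always begins at column 57, and ends each row with CRLF.
row() { printf '%s  %-47s   %s\r\n' "$1" "$2" "$3"; }

sample_dump() {
  row 0000 "47 45 54 20 2f 73 74 61 74 75 73 2e 6a 73 6f 6e" "GET /status.json"
  row 0010 "3f 69 64 3d 34 32" "?id=42"
  printf '\r\n'
  row 0000 "32 32 30 20 6d 61 69 6c 20 72 65 61 64 79 0d 0a" "220 mail ready.."
}

# Prints one line per packet when run directly.
sample_dump | ascii_per_packet
```

With the batch file from the question, the awk program between the single quotes would be saved as the script file passed to `awk -f`.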