I am trying to do packet capture analysis with tshark on about 30000 files looking for a needle in the haystack.The files containing interesting needles contain icmp failures. I wrote a script which iterates though these files with tshark but they all return 0 results.
tshark -r <filename> -Y "icmp.no_resp"
tshark -r <filename> -Y "icmp.resp_not_found"
Both ofthese commands yield 0 results. However when I open a specific file and use the display filter "icmp.no_resp" or "icmp.resp_not_found" I see results.
Is this a bug in T-shark where it can't identify response not found?
I'm running tshark/wireshark v3.6.7 on Ubuntu
I figured it out.
tshark requires multiple passes to identify certain display filters. Doing a command like so creates this.
tshark -r <filename> -Y "icmp.resp_not_found" -2
I hope this helps someone in the future.
Related
Right now i'm using the followin code:
while read num;
do M=$(curl "myurl/$num")
echo "$M"
done < s.txt
where s.txt contains a list (1 per line) of a part of the url.
Is it correct to assume that curl is running sequentially?
Or is it running in thread/jobs/multiple conn at a time?
I've found this online:
parallel -k curl -s "http://example.com/locations/city?limit=100\&offset={}" ::: $(seq 100 100 30000) > out.txt
The problem is that my sequence is coming from a file or from a variable (one element per line) and i can't adapt it to my needs
I've not fully understood how to pass the list to parallel
Should i save all the curl commands in the list and run it with parallel -a ?
Regards,
parallel -j100 -k curl myurl/{} < s.txt
Consider spending an hour walking through man parallel_tutorial. Your command line will love you for it.
For some automation purpose I have below requirements for the Wireshark log file(.pcap).
1-Conversion of Wireshark logs(.pcap file ) to text file with detail of packets.
2-Conversion of Wireshark logs (.pcap file) to text file with some filter (eg: bssgp.pdu_type == 0x00) with detail of packets.
I know how to convert the wireshark files to text file through GUI,
But I need the cli commands for the same to automate the procedure.
Thanks in advance
To convert a .pcap file to text output, you can run:
tshark -V -r file.pcap > file.txt
If you only want to convert certain packets that match a Wireshark display filter, then using your filter, you can run:
tshark -Y "bssgp.pdu_type == 0x00" -V -r file.pcap > file.txt
If the -V option provides too much detail, you can limit the detail to specific protocol(s) by using the -O option instead. For example, to provide details for bssgp only and a summary for all other protocols, try:
tshark -Y "bssgp.pdu_type == 0x00" -O bssgp -r file.pcap > file.txt
Refer to the tshark man page for more details about these options.
I try to get Read all HTTP URLs from PCAp file using this command line command:
tshark -R -e http.request.uri -r C:file.pcap
And got the message
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
What's wrong with my filter ?
Using the filter as single pass, like suggested, does it for me:
tshark -Y http.request.uri -r capturefile
So I'm using weka 3.7.11 in a Windows machine (and runnings bash scripts with cygwin), and I found an inconsistency regarding the AODE classifier (which in this version of weka, comes from an add-on package).
Using Averaged N-Dependencies Estimators from the GUI, I get the following configuration (from an example that worked alright in the Weka Explorer):
weka.classifiers.meta.FilteredClassifier -F "weka.filters.unsupervised.attribute.Discretize -F -B 10 -M -1.0 -R first-last" -W weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE -- -F 1 -M 1.0 -S
So I modified this to get the following command in my bash script:
java -Xmx60G -cp "C:\work\weka-3.7.jar;C:\Users\Oracle\wekafiles\packages\AnDE\AnDE.jar" weka.classifiers.meta.FilteredClassifier \
-t train_2.arff -T train_1.arff \
-classifications "weka.classifiers.evaluation.output.prediction.CSV -distribution -p 1 -file predictions_final_multi.csv -suppress" \
-threshold-file umbral_multi.csv \
-F "weka.filters.unsupervised.attribute.Discretize -F -B 10 -M -1.0 -R first-last" \
-W weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE -- -F 1 -M 1.0 -S
But this gives me the error:
Weka exception: No value given for -S option.
Which is weird, since this was not a problem with the GUI. In the GUI, the Information box says that -S it's just a flag ("Subsumption Resolution can be achieved by using -S option"), so it shouldn't expect any number at all, which is consistent with what I got using the Explorer.
So then, what's the deal with the -S option when using the command line? Looking at the error text given by weka, I found this:
Options specific to classifier weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE:
-D
Output debugging information
-F <int>
Impose a frequency limit for superParents (default is 1)
-M <double>
Specify a weight to use with m-estimate (default is 1)
-S <int>
Specify a critical value for specialization-generalilzation SR (default is 100)
-W
Specify if to use weighted AODE
So it seems that this class works in two different ways, depending on which method I use (GUI vs. Command Line).
The solution I found, at least for the meantime, was to write -S 100 on my script. Is this really the same as just putting -S in the GUI?
Thanks in advance.
JM
I've had a play with this Classifier, and can confirm that what you are experiencing on your end is consistent with what I have here. From the GUI, the -S Option (subsumption Resolution) requires no parameters while the Command Prompt does (specialization-generalization SR).
They don't sound like the same parameter, so you may need to raise this issue with the developer of the third party package if you would like to know more information on these parameters. You can find this information from the Tools -> Package Manager -> AnDE, which will point you to the contacts for the library.
I have some RNA paired-end files which I have used tophat to allign
~/tophat-2.0.7.Linux_x86_64/./tophat -p10 --segment-length 18
--no-coverage-search --segment-mismatches 1 -G
then samtools
samtools sort -n /media//PRE_6_8_2/accepted_hits.bam
/media/PRE_6_8_2/PRE_6_8_2.sort.hg19.bam
and then
samtools view /media/PRE_6_8_2/PRE_6_8_2.sort.hg19.bam.bam
/media/PRE_6_8_2/PRE_6_8_2.sort.hg19.sam
then I am trying to use DEXSeq and using the
python2.7 /home/3.0/DEXSeq
/python_scripts/dexseq_count.py -p yes -r name -s no
/media/PRE_6_8_2/hg19/hg19_IlluminaAnnotation_genes.gtf
/media/PRE_6_8_2/PRE_6_8_2.sort.hg19.sam
/media/PRE_6_8_2//PRE_6_8_2/untreated1fb.txt
and gives me
_ambiguous 0
_empty 39845364
_lowaqual 0
_notaligned 0
without any reads for any exons. 0 for everything
whereas by using the htseq-count -r name -s no everything looks fine (reads in genes)...
could you please advice me how to solve it? I really need to run the DEXseq as I want reads per exon to detect splice differences.
Thank you in advance for your help
I had a similar problem, please use the correct genome reference file/ gene annotation file (.gff file obtained by flattening .gtf file downloaded from reference genome) and you will get the count for your exons.