Trying to convert pcap to txt and showing specific fields.
On thsark 1.12.4 this works:
tshark -nr "input_file.pcap" -E header=y -e frame.number -e frame.time
-e ip.src -e ip.dst -e _ws.col.Protocol -e _ws.col.Info -e data -T fields -V "tcp or udp" > "output_file.txt"
Sadly, on tshark 1.6.7 (which is kind of mendatory) the protocol and info cols don't show.
I've tried all the combinations I could find online: _ws.col.Info, _ws.col.info, col.Info, col.info, Info, info.
Couldn't find anything else.
Any suggestions how to make those cols to show in the ouptput txt file?
Best.
Any suggestions how to make those cols to show in the ouptput txt file?
Talk to whoever is in charge of making 1.6.7 mandatory, convince them not to make it mandatory, and then upgrade to a newer version of Wireshark. That feature - the ability to show columns with -T fields - didn't exist in 1.6.x; it was added later, in the 1.10 release, as the Bugzilla entry for the enhancement request for it indicates.
Related
How can i use the tshark utility to download a list of protocols from a .pcap file? Only protocols are needed.
I am not sure if this is the fastest way but should output what you need.
The following line will output a CSV file
tshark -r file.pcap -E header=y -E separator=, -T fields -e frame.protocols > file.csv
And then you can use the following Python code
import pandas as pd
df = pd.read_csv('file.csv')
new = df["frame.protocols"].str.split(":",expand = True)
pd.value_counts(new.values.ravel())
You can see the number of occurrences of each protocol.
P.S. Ignore eth and ethertype
is there any lvm.conf editor?
I'm trying to set global_filter, use_lvmtad and some other options, currently using sed:
sed -i /etc/lvm/lvm.conf \
-e "s/use_lvmetad = 1/use_lvmetad = 0/" \
-e "/^ *[^#] *global_filter/d" \
-e "/^devices {/a\ global_filter = [ \"r|/dev/drbd.*|\", \"r|/dev/dm-.*|\", \"r|/dev/zd.*|\" ]"
but I don't like this too much, is there any better way?
I found only lvmconfig tool, but it can only display certain configuration sections, and can't edit them.
If you using Ubuntu variant then you can use the LVM GUI to configure and manage the LVM. Refer this link
It seems that augtool is exactly what I was looking for.
These two packages should be enough to proper processing lvm.conf file:
apt install augeas-tools augeas-lenses
Example usage:
augtool print /files/etc/lvm/lvm.conf
And you should get the whole parse tree on stdout.
If the parser fails you won’t get any output, print the error message using:
augtool print /files/etc/lvm/lvm.conf/error
The augtool equivalent for the sed command from the original question:
augtool -s <<EOT
set /files/etc/lvm/lvm.conf/global/dict/use_lvmetad/int "0"
rm /files/etc/lvm/lvm.conf/devices/dict/global_filter
set /files/etc/lvm/lvm.conf/devices/dict/global_filter/list/0/str "r|^/dev/drbd.*|"
set /files/etc/lvm/lvm.conf/devices/dict/global_filter/list/1/str "r|/dev/dm-.*|"
set /files/etc/lvm/lvm.conf/devices/dict/global_filter/list/2/str "r|/dev/zd.*|"
EOT
For some automation purpose I have below requirements for the Wireshark log file(.pcap).
1-Conversion of Wireshark logs(.pcap file ) to text file with detail of packets.
2-Conversion of Wireshark logs (.pcap file) to text file with some filter (eg: bssgp.pdu_type == 0x00) with detail of packets.
I know how to convert the wireshark files to text file through GUI,
But I need the cli commands for the same to automate the procedure.
Thanks in advance
To convert a .pcap file to text output, you can run:
tshark -V -r file.pcap > file.txt
If you only want to convert certain packets that match a Wireshark display filter, then using your filter, you can run:
tshark -Y "bssgp.pdu_type == 0x00" -V -r file.pcap > file.txt
If the -V option provides too much detail, you can limit the detail to specific protocol(s) by using the -O option instead. For example, to provide details for bssgp only and a summary for all other protocols, try:
tshark -Y "bssgp.pdu_type == 0x00" -O bssgp -r file.pcap > file.txt
Refer to the tshark man page for more details about these options.
So I'm using weka 3.7.11 in a Windows machine (and runnings bash scripts with cygwin), and I found an inconsistency regarding the AODE classifier (which in this version of weka, comes from an add-on package).
Using Averaged N-Dependencies Estimators from the GUI, I get the following configuration (from an example that worked alright in the Weka Explorer):
weka.classifiers.meta.FilteredClassifier -F "weka.filters.unsupervised.attribute.Discretize -F -B 10 -M -1.0 -R first-last" -W weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE -- -F 1 -M 1.0 -S
So I modified this to get the following command in my bash script:
java -Xmx60G -cp "C:\work\weka-3.7.jar;C:\Users\Oracle\wekafiles\packages\AnDE\AnDE.jar" weka.classifiers.meta.FilteredClassifier \
-t train_2.arff -T train_1.arff \
-classifications "weka.classifiers.evaluation.output.prediction.CSV -distribution -p 1 -file predictions_final_multi.csv -suppress" \
-threshold-file umbral_multi.csv \
-F "weka.filters.unsupervised.attribute.Discretize -F -B 10 -M -1.0 -R first-last" \
-W weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE -- -F 1 -M 1.0 -S
But this gives me the error:
Weka exception: No value given for -S option.
Which is weird, since this was not a problem with the GUI. In the GUI, the Information box says that -S it's just a flag ("Subsumption Resolution can be achieved by using -S option"), so it shouldn't expect any number at all, which is consistent with what I got using the Explorer.
So then, what's the deal with the -S option when using the command line? Looking at the error text given by weka, I found this:
Options specific to classifier weka.classifiers.bayes.AveragedNDependenceEstimators.A1DE:
-D
Output debugging information
-F <int>
Impose a frequency limit for superParents (default is 1)
-M <double>
Specify a weight to use with m-estimate (default is 1)
-S <int>
Specify a critical value for specialization-generalilzation SR (default is 100)
-W
Specify if to use weighted AODE
So it seems that this class works in two different ways, depending on which method I use (GUI vs. Command Line).
The solution I found, at least for the meantime, was to write -S 100 on my script. Is this really the same as just putting -S in the GUI?
Thanks in advance.
JM
I've had a play with this Classifier, and can confirm that what you are experiencing on your end is consistent with what I have here. From the GUI, the -S Option (subsumption Resolution) requires no parameters while the Command Prompt does (specialization-generalization SR).
They don't sound like the same parameter, so you may need to raise this issue with the developer of the third party package if you would like to know more information on these parameters. You can find this information from the Tools -> Package Manager -> AnDE, which will point you to the contacts for the library.
I am trying to spellcheck a LaTeX document (using Word), and use OpenDetex to convert it to plain text. The command line with default parameters:
$ detex foo.tex > foo.txt
Problem: some garbage, especially bibliography ids from \citep{} and \citet{} commands stay in the text.
How can I exclude these specific tags?
The -c option only excludes \cite, but not \citep and \citet.
I tried using the -e option like:
$ detex -e citep foo.tex > foo.txt
to no avail.
The documentation is a bit vague on that:
detex [-e environment-list] [-c] [-l] [-n] [-s] [-t] [-w] [file[.tex] ]
...
-e <env-list> list of LaTeX environments to ignore\n
...
Any ideas how to make it work?
\citep and \citet are not LaTeX environments, they are commands, and as such the -e flag of detex has no effect on it. The flag -e is only for environments.
The new version of detex 2.8.2 that you can obtain here.
as long as the commands (\citep and \citet) do not start at the first character in a line -- that is a bug and will be fixed.