I am processing 7 PCAP files by splitting each file based on MAC address. This is fine, but I have various variables that I want to iterate through:

${macs[*]} - I have a list of 10 different MAC addresses; I would like to iterate through them.

${devices[0]} - I have a list of 10 devices, e.g. Samsung, Phillips; I want to add a number to each file.

for pcf in $pcap_file
do
    for mac in ${macs[*]}
    do
        echo "$mac" >&2
        /usr/bin/tshark -r "$pcf" -Y "eth.addr eq $mac" -w ${devices[0]}.pcap
    done
done

At the moment I am manually uncommenting/commenting them:

macs=( d0:45:a8:00:67:5e )
macs=( 44:65:0d:56:cc:d3 )
macs=( 70:ee:50:34:34:43 )
devices=('Samsunghub_1' 'Samsunghub_2' 'Samsunghub_3' 'Samsunghub_4' 'Samsunghub_5' 'Samsunghub_6' 'Samsunghub_7')
devices=('Echo_1' 'Echo_2' 'Echo_3' 'Echo_4' 'Echo_5' 'Echo_6' 'Echo_7')
devices=('netamo_1' 'netamo_2' 'netamo_3' 'netamo_4' 'netamo_5' 'netamo_6' 'netamo_7')

I want to iterate through each PCAP file, extract based on the MAC address, then label each one based on the "devices" but adding a number at the end.

1 Answer

I'm not entirely clear what you are doing based on your post, but if you are making counts of the items it may be more useful to structure the devices as an associative array. Then just increment the value as you increase your count.

declare -A AA_devices
AA_devices[Samsunghub]="7"
AA_devices[Echo]="7"
AA_devices[netamo]="7"

You'd presumably want to set each equal to zero to begin. Once incremented you could use that data to either create the arrays you have outlined above (by iterating over your associative array) or whatever you want.

If you are counting which device based on which MAC address, you could then set an if/then statement that increments the devices counts.

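for mac in "${macs[@]}"; do
    if [[ "$mac" == "xx:xx:xx:xx" ]]; then
        # arithmetic increment; a plain += would append the character "1" to the string value
        (( AA_devices[netamo] += 1 ))
    fi
done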

Otherwise, let me know where I've misunderstood and I'll try again!

2 Comments

Maybe just forget about the numbers. I have 7 PCAP files; all I want to do is go through each PCAP file using tshark to extract the data based on "MAC address", then label the new pcap file "devices".
If you grep the file (grep -r "${mac}" /path/to/file.txt) you can use -B1 and -A5 to capture lines before and after (one and five in this example: grep -r -B1 -A5 "${mac}" /path/to/file.txt). Or if you use an array for MAC addresses, something like this: grep -r -B1 -A5 "${a_macs[i]}" /path/to/file.txt (where i iterates through the elements).
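
The task described in the question (every PCAP file, filtered per MAC address, written out under a numbered device name) can be done in one pass with an associative array keyed by MAC. This is an added example, not code from the question or the answer; the pairing of each MAC with a device name is an assumption, and `device_by_mac`, `split_pcaps`, `MAC_RE` and the `TSHARK` override are names introduced here.

```bash
#!/usr/bin/env bash
# Added example (not from the post): one output capture per device per input file.
# Assumption: the post lists MACs and device names separately; this pairing is a guess.
declare -A device_by_mac=(
    [d0:45:a8:00:67:5e]=Samsunghub
    [44:65:0d:56:cc:d3]=Echo
    [70:ee:50:34:34:43]=netamo
)
TSHARK=${TSHARK:-/usr/bin/tshark}            # overridable, e.g. for a dry run
MAC_RE='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'

# split_pcaps OUTDIR PCAP...
# Writes OUTDIR/<device>_<n>.pcap, where n is the position of PCAP in the list.
split_pcaps() {
    local outdir=$1; shift
    local n=0 pcf mac out
    # Check every key first: only well-formed MACs may reach the filter string.
    for mac in "${!device_by_mac[@]}"; do
        [[ $mac =~ $MAC_RE ]] || { echo "bad MAC: $mac" >&2; return 1; }
    done
    mkdir -p -- "$outdir" || return 1
    for pcf in "$@"; do
        n=$((n + 1))          # a skipped file still uses up its number
        if [[ ! -r $pcf ]]; then
            echo "skipping unreadable capture: $pcf" >&2
            continue
        fi
        for mac in "${!device_by_mac[@]}"; do
            out="$outdir/${device_by_mac[$mac]}_$n.pcap"
            "$TSHARK" -r "$pcf" -Y "eth.addr eq $mac" -w "$out" || return 1
        done
    done
}

# Run only when capture files are given on the command line.
if [[ $# -gt 0 ]]; then
    split_pcaps . "$@"
fi
```

Quoting `"$pcf"` and `"$out"` keeps file names with spaces intact, and the MAC check stops a malformed array entry from changing the meaning of the `-Y` display filter.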
