What I'm trying to do is quite simple. I'm generating output from tshark and redirecting it to awk with a pipe |. Since tshark gets live data, I want that awk search in every output for a pattern (some MAC addresses that I already have) in the first column in a file ("target.txt") and, if there's a match, awk should output the first and second column from this file.
Example from target.txt:
ab:cd:ef:gh:ij:kl,Me
12:34:56:78:90:10,You
1b:2d:3f:4h:5j:6l,someone
To make it all easier, my tshark output has only 2 columns, and the MAC address column is the second one.
1 line of tshark output is like:
Jun 16, 2014 02:55:51.300286000 12:34:56:78:90:10
^^^^- date and MAC are separated by tab!
So if tshark finds 12:34:56:78:90:10, awk will output
12:34:56:78:90:10 -> You
or even better:
Jun 16, 2014 02:55:51.300286000 12:34:56:78:90:10 -> You
EDIT #1
Well, I did some tests and find out that tsharks output is separated by tab \t. It's not a big deal, but already a small improvement. The thing is, I got samples from tshark output and tested with Gnoucs answer through a echo command before the pipe | . It worked. Then I changed the echo for tshark and everything stopped working =).
Is it a problem with the live data or something like that? Here's my code until now:
$ tshark -I -i wlan0 -T fields -e radiotap.dbm_antsignal -e wlan.sa | awk -F'[ ,\t]' '
FNR == NR { a[$1] = $2 }
($NF in a) { print $0" -> "a[$NF] }
' alvos.txt -
well, it just worked! It was probably a typo.
Thanks for all answers!
Best Answer
Try this:
Example:
Explanation
-F[ ,\t]: we use comma, space or tab as field separators.FNR == NR { a[$1] = $2 }:FNR == NRonly true when processing first file. So with each line intarget.txt, we save the second field to an associative array, with the first field (MAC address) is the index.($NF in a): When reading the input (-aftertarget.txtcausesawkreading from input), if the last field is in associative arraya, we print the desired result.