filter-bgp
#!/bin/bash
# v1.0 bgp-filter
#
# Prints BGP field data to standard output
#
# Copyright 2017 Wladimir Guerra

USAGE_MESSAGE="
USAGE:
    $(basename "$0") -s [separator] -q [d|s|n] [pcap-file]

OPTIONS:
    -s [separator]
        The data separator. Must be a valid character. For further
        details see tshark(1) -E separator option. The default is /t.
    -q [d|s|n]
        Set quote character to surround fields. See tshark(1) -E
        quote option for further details.
"

# Defaults: /t is tshark's notation for a tab separator; n means no quoting
SEPARATOR=/t
QUOTE=n

while getopts ":s:q:" opt
do
    case $opt in
        s)
            SEPARATOR=$OPTARG
            ;;
        q)
            QUOTE=$OPTARG
            ;;
        *)
            # Unknown option, or an option given without its argument
            echo "$USAGE_MESSAGE" >&2
            exit 1
            ;;
    esac
done

# Drop the parsed options so that $1 is the pcap file
shift $((OPTIND - 1))

# Quote "$1" so empty values and paths containing spaces are tested correctly
if [ -z "$1" ]; then
    echo "$USAGE_MESSAGE" >&2
    exit 1
fi

if [ ! -f "$1" ]; then
    echo "[$1] is an invalid file." >&2
    exit 1
fi

# Fields to print for each matching packet; an array keeps every
# argument intact without relying on word splitting
fields=(
    -e _ws.col.Time
    -e frame.time_relative
    -e ip.src
    -e ip.dst
    -e bgp.withdrawn_prefix
    -e bgp.update.path_attribute.as_path_segment.as4
    -e bgp.nlri_prefix
)

# The display filter bgp.type==2 selects BGP UPDATE messages
tshark -T fields -E "separator=$SEPARATOR" -E "quote=$QUOTE" "${fields[@]}" -r "$1" "bgp.type==2"