Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 months ago.
The community reviewed whether to reopen this question 3 months ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I have a pcap with two MPLS headers . i observe the match criteria for every field in both the MPLS headers are similar . How do I differentiate between the two MPLS headers ? Is it possible to achieve this via Wireshark or tshark ? If it is possible to achieve via tshark , please share the linux cmd.
For example , i am trying to filter using -
mpls.exp==7 && mpls.bottom == 0
but with the above match filter criteria , even those packets where mpls.exp==7 (in header1) and mpls.bottom==0 (in header 2) are matched. Attaching pcap snip for your reference.
above match criteria matching exp from header 1 and bottom of stack from header 1
above match criteria matching exp from header 2 and bottom of stack from header 1
TIA.
Tried to filter this using tsahrk in linux . Still not able to get the desired result -
Expected result - only the first 8 packets only should be matched
Observed result - 16 packets are matched
Tshark cmd :
tshark -r capture2_11-17-2022_11-15-15.pcap -T fields -E header=y -e mpls.exp -e mpls.bottom mpls.bottom==0 and mpls.exp==7
tshark output table
2nd EDIT: I thought of an alternative solution, which I'll now describe here. (Note that I would have provided this alternative solution, which involves programming in the form of a Lua script, as a separate answer, but it seems folks were a little trigger-happy in closing this question, so I have no choice but to supply it here. If the question is reopened, which I've voted to do, I can make this a separate answer.)
What you can do is create an MPLS Lua postdissector that adds new mpls_post.exp and mpls_post.bottom fields to an MPLS postdissector tree. You can then use those new fields in your filter to accomplish your goal. As an example, consider the following Lua postdissector:
local mpls_post = Proto("MPLSPost", "MPLS Postdissector")
local pf = {
expbits = ProtoField.uint8("mpls_post.exp", "MPLS Experimental Bits", base.DEC),
bottom = ProtoField.uint8("mpls_post.bottom", "MPLS Bottom of Label Stack", base.DEC)
}
mpls_post.fields = pf
local mpls_exp = Field.new("mpls.exp")
local mpls_bottom = Field.new("mpls.bottom")
function mpls_post.dissector(tvbuf, pinfo, tree)
local mpls_exp_ex = {mpls_exp()}
local mpls_bottom_ex = {mpls_bottom()}
if mpls_exp_ex == nil or mpls_bottom_ex == nil then
return
end
local mpls_post_tree = tree:add(mpls_post)
mpls_post_tree:add(pf.expbits, mpls_exp_ex[1].range, mpls_exp_ex[1].value)
mpls_post_tree:add(pf.bottom, mpls_bottom_ex[1].range, mpls_bottom_ex[1].value)
end
register_postdissector(mpls_post)
If you save this to a file, e.g. mpls_post.lua and place that file in your Wireshark Personal Lua Plugins directory, which you can find from "Help -> About Wireshark -> Folders" or from tshark -G folders, then [re]start Wireshark, you will be able to apply a filter such as follows:
mpls_post.exp==7 && mpls_post.bottom == 0
You can also use tshark to do the same, e.g.:
tshark -r capture2_11-17-2022_11-15-15.pcap -Y "mpls_post.exp==7 && mpls_post.bottom==0" -T fields -E header=y -e mpls_post.exp -e mpls_post.bottom
(NOTE: The tshark command, as written, will simply print out what you already know, namely 7 and 0, so presumably you want to print more than just that, but this is the idea.)
I think this is probably the best that can be done for now until the Wireshark MPLS dissector is modified so that layer operators work as expected for this protocol, but there are no guarantees that any changes to the MPLS dissector will ever be made in this regard.
EDIT: I'm sorry to say that the answer I provided doesn't actually work for MPLS. It doesn't work because the MPLS dissector is only called once and it then loops through all labels as long as bottom of stack isn't true, but it doesn't call itself recursively, which is what would be needed in this case in order for the second label to be considered another layer. The layer syntax does work for other protocols such as IP (in the case of tunneled traffic or ICMP error packets) and others though, so it's a good thing to keep in mind, but unfortunately it won't be of much use for MPLS, at least not in the Wireshark MPLS dissector's current state. I suppose I'll leave the answer up [for now] in case the dissector is ever changed in the future to allow for the layer syntax to work as one might intuitively expect it to work. And unfortunately, I can't think of an alternative solution to this problem at this time.
With Wireshark >= version 4.0, you can use the newly introduced syntax for matching fields from specific layers. So, rather than specifying mpls.exp==7 && mpls.bottom == 0 as the filter, which matches fields from any layer, use the following syntax instead, which will only match against fields from the first layer:
mpls.exp#1 == 7 && mpls.bottom#1 == 0
Refer to the Wireshark 4.0.0 Release Notes for more details about this new syntax as well as for other display filter changes, and/or to the wireshark-filter man page.
NOTE: You can also achieve this with tshark, although you can't [yet] selectively choose which field is displayed. For example:
tshark -r capture2_11-17-2022_11-15-15.pcap -Y "mpls.exp#1 == 7 && mpls.bottom#1 == 0" -T fields -E header=y -e mpls.exp -e mpls.bottom
To be clear, you can't [yet] specify -e mpls.exp#1 and -e mpls.bottom#1.
Related
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I have a case where after deploying to a server, the UI of my web page takes around 20 mins to load. The API is available almost immediately.
I need a way to use curl to load a web page and verify from the response that whether the web page is loaded or not.
Combining curl with grep you can request your page and see if it loads by looking for a specific string you'd expect to see when it renders correctly.
Something like:
curl -o - https://www.example.com/ | grep "Something from successful response"
if [ $? -eq 0 ] ; then
echo "Success"
else
echo "Fail"
fi
The -o - option to curl outputs the response to stdout which is then piped to grep which looks for a specific string from a successful. Depending on your needs there may be other ways but this sounds like it matches what you're asking.
Also note if your UI takes 20 minutes to load the first time, you might need to adjust some curl options (e.g. --max-time) to allow for longer timeouts.
I've recently installed arbtt which seems to be an intersting, rule based, automatic time tracker. http://arbtt.nomeata.de/#what
I've got it working for the most part, but after 30 minutes or so of gathering stats, I end up with the following error.
Processing data [=>......................................................................................................................................................................................] 1%
arbtt-stats: Prelude.(!!): index too large
Does anyone have any suggestions on ways I can troubleshoot this issue, or better yet, solve it? I have 0 experience with the coding language used to create the rules (Haskell I believe). All I've done to this point is follow the documentation as closely as possible.
This error ultimately renders the tool useless since it doesn't gather data any longer than 30 minutes. To fix it, I have to delete the log and start from scratch. I'm primarily interested in the notion of having a customizable, rule based time tracker but I'm by no means tied to using arbtt.
Based on the comments below, I'm including some more information below.
When I try to run arbtt-recover I get a long list of errors that look like this. All of them seem to be related to an Unsupported TimeLogEntry.
Trying at position 1726098.
Failed to read value at position 1726098:
Unsupported TimeLogEntry version tag 0
As for the configuration file, here is what I have so far.
$idle > 30 ==> tag inactive,
-- A rule that matches on a list of strings
current window $program == ["Chrome", "Firefox"] ==> tag Web,
current window $program == ["skype"] ==> tag Skype,
current window $program == ["jetbrains-phpstorm"] ==> tag PhpStorm,
( current window $title =~ m!Inbox! ||
current window $title =~ m!Outlook! ) ==> tag Emails,
( current window $title =~ m!AdWords! ||
current window $title =~ m!Analytics! ) ==> tag Adwords,
It goes on further, but I'm fairly confident I've followed this same syntax for all other lines. The rest of the lines are following the same format but are project/client specific for me. If required, I'm happy to include the rest of the file.
As discussed in the comments: This is a case of a corrupt ~/.arbtt/capture.log. You can usually fix this by
running arbtt-recover
and then moving ~/.arbtt/capture.log.recovered to ~/.arbtt/capture.log.
The second manual step is required to avoid accidentially deleting too much data. You can test that the recovered file is better by making arbtt-stats using the recovered file by passing --logfile=~/.arbtt/capture.log.recovered to it.
Data corruption happens for example when there is an unclean shutdown, or other undetermined reasons. But the log file format is such that even after a corruption (e.g. a partial write of one sample), further samples will be written correctly and should be picked up by arbtt-recover, so you did not lose more than a few samples.
I'm using a unified log on a server running Red Hat 6, receiving directed log messages from others servers and managing them with RSyslog. Until now, the /etc/rsyslog.conf have this rule:
if $fromhost-ip startswith '172.20.' then /var/log/mylog.log
But I don't want to log messages that contains "kernel" and "dnat", so I want to filter all messages, enhancing the rule.
How can I do that?
This looks like a question better suitable for Unix & Linux. Having appropriately notified that this is not the right place, I'll go and break the rules by answering it anyway.
Depending a bit on the version of Red Hat you're using, you can use rsyslogd's conditional filters or RainerScript in various ways to express a combination of several logical rules. On Red Hat 6 you could say something like this to accomplish what you want using a conditional filter:
if ( $fromhost-ip startswith '172.20.' and \
$syslog-facility-text != 'kern' ) then /var/log/mylog.log
You can find more examples from the Rsyslog v5 manual.
I'm working on supporting of the TCL (thermal control protocol, stupid name, its a printer protocol of futurelogic) but i cannot find resources about this protocol, how it is, how it works, nothing, on theirs site i only found this mention http://www.futurelogic-inc.com/trademarks.aspx
any one had worked with it? does any one knows where can i find the data sheet?
The protocol is documented on their website http://www.futurelogic-inc.com/support/downloads/
If you are targetting the PSA66ST model it supports a number of protocols TCL, which is quite nice for delivering templated tickets and, line printing using the Epson ESC/P protocol.
This is all explained in the protocol document.
Oops, these links are incorrect and only correspond to marketing brochures. You will need to contact Futurelogic for the protocol documents. Probably also need to sign an NDA. Anyway, the information may guide you some more.
From what I can gather, it seems the FutureLogic thermal printers do not support general printing, but only printing using predefined templates stored in the printer's firmware. The basic command structure is a caret ^ followed by a one or two character command code, with arguments delimited using a pipe |, and the command ended with another caret ^. I've been able to reverse-engineer a few commands:
^S^ - Printer status
^Se^ - Extended printer status
^C|x|^ - Clear. Known arguments:
a - all
j - jam
^P|x|y0|...|yn|^ - Print fields y0 through yn using template x.
Data areas are defined in the firmware using a similar command format, command ^D|x|y0|...|yn|^, and templates are defined from data areas using command ^T|z|x0|...|xn|^.
This question already has answers here:
Passing arguments to an interactive program non-interactively
(5 answers)
Closed 2 years ago.
The community reviewed whether to reopen this question 1 year ago and left it closed:
Original close reason(s) were not resolved
Is it possible to have a bash script automatically handle prompts that would normally be presented to the user with default actions? Currently I am using a bash script to call an in-house tool that will display prompts to the user (prompting for Y/N) to complete actions, however the script I'm writing needs to be completely "hands-off", so I need a way to send Y|N to the prompt to allow the program to continue execution. Is this possible?
A simple
echo "Y Y N N Y N Y Y N" | ./your_script
This allow you to pass any sequence of "Y" or "N" to your script.
This is not "auto-completion", this is automation. One common tool for these things is called Expect.
You might also get away with just piping input from yes.
If you only have Y to send :
$> yes Y |./your_script
If you only have N to send :
$> yes N |./your_script
I found the best way to send input is to use cat and a text file to pass along whatever input you need.
cat "input.txt" | ./Script.sh
In my situation I needed to answer some questions without Y or N but with text or blank. I found the best way to do this in my situation was to create a shellscript file. In my case I called it autocomplete.sh
I was needing to answer some questions for a doctrine schema exporter so my file looked like this.
-- This is an example only --
php vendor/bin/mysql-workbench-schema-export mysqlworkbenchfile.mwb ./doctrine << EOF
`#Export to Doctrine Annotation Format` 1
`#Would you like to change the setup configuration before exporting` y
`#Log to console` y
`#Log file` testing.log
`#Filename [%entity%.%extension%]`
`#Indentation [4]`
`#Use tabs [no]`
`#Eol delimeter (win, unix) [win]`
`#Backup existing file [yes]`
`#Add generator info as comment [yes]`
`#Skip plural name checking [no]`
`#Use logged storage [no]`
`#Sort tables and views [yes]`
`#Export only table categorized []`
`#Enhance many to many detection [yes]`
`#Skip many to many tables [yes]`
`#Bundle namespace []`
`#Entity namespace []`
`#Repository namespace []`
`#Use automatic repository [yes]`
`#Skip column with relation [no]`
`#Related var name format [%name%%related%]`
`#Nullable attribute (auto, always) [auto]`
`#Generated value strategy (auto, identity, sequence, table, none) [auto]`
`#Default cascade (persist, remove, detach, merge, all, refresh, ) [no]`
`#Use annotation prefix [ORM\]`
`#Skip getter and setter [no]`
`#Generate entity serialization [yes]`
`#Generate extendable entity [no]` y
`#Quote identifier strategy (auto, always, none) [auto]`
`#Extends class []`
`#Property typehint [no]`
EOF
The thing I like about this strategy is you can comment what your answers are and using EOF a blank line is just that (the default answer). Turns out by the way this exporter tool has its own JSON counterpart for answering these questions, but I figured that out after I did this =).
to run the script simply be in the directory you want and run 'sh autocomplete.sh' in terminal.
In short by using << EOL & EOF in combination with Return Lines you can answer each question of the prompt as necessary. Each new line is a new answer.
My example just shows how this can be done with comments also using the ` character so you remember what each step is.
Note the other advantage of this method is you can answer with more then just Y or N ... in fact you can answer with blanks!
Hope this helps someone out.
There is a special build-in util for this - 'yes'.
To answer all questions with the same answer, you can run
yes [answer] |./your_script
Or you can put it inside your script have specific answer to each question