用tcpdump截获msn信息

用tcpdump截获msn信息

#!/bin/sh
echo "" > temp.1
echo "" > temp.3
#此处没有限制多少个msn数据包
tcpdump -f -lnx -s 0 host 192.168.0.1 and port 1863 > temp.0

lines=`cat temp.0 | wc -l`
line=1
while [ $line -le $lines ]
do
#此处获取时间收发ip等信息
        memo=`sed -n ''"$line"'p' temp.0 | gawk '{if (!~/^0x/)print ,,,,,,,,,,," "}'`
        memo=$"aaaaaaaa"
        if [ "$memo" = "aaaaaaaa" ]
        then
#截取数据包中数据部分
                ōut=`sed -n ''"$line"'p' temp.0 | cut -c"11-14, 16-19, 21-24, 26-29, 31-34, 36-39, 41-44, 46-49"`
                echo -n "$out" >> temp.1
       else
                echo "" >> temp.1
                ōut=`sed -n ''"$line"'p' temp.0 | gawk '{if (!~/^0x/)print ,,,,,,,,,,," "}'`
                echo -n "$out" >> temp.1
       fi
line=`expr $line + 1`
done
echo "" >> temp.1
#删除空行和前两行
sed '/^&/d' temp.1 | sed '1,2d' > temp.2
lines=`cat temp.2 | wc -l`
line=1
while [ $line -le $lines ]
do
#获取要现实的内容
        TIME=`sed -n ''"$line"'p' temp.2 | gawk '{print }' | gawk -F "." '{print }'`
        FROM=`sed -n ''"$line"'p' temp.2 | gawk '{print }'`
        TO=`sed -n ''"$line"'p' temp.2 | gawk '{print }'`
#根据标志位确定并截取msn数据
        DATA0=`sed -n ''"$line"'p' temp.2 | awk '{print }' | gawk -F "0d0a0d0a" '{print }' | sed '/^0d0a$/d' | sed 's/../%&/g'`
#将截获的utf-8十六进制数交由perl的URI::Escape模块处理并显示中英文
        DATA=`perl  -e "use URI::Escape; print uri_unescape('$DATA0');"`
        isnull=`echo $DATA | wc -m`
        if [ $isnull -gt 1 ]
        then
                echo "$ FROM $ TO $ DATA: $"
        fi
        line=`expr $line + 1`
done
rm -f temp.*