- 论坛徽章:
- 0
|
怎么写这个shell,处理/usr/sbin/tcpdump -i eth2 arp 的输出结果
例如:
要求执行30秒
之后比如输出结果为
14:56:46.002083 arp reply 192.168.1.95 is-at 00:07:e9:0a:83:1b (oui Unknown)
14:56:46.311967 arp who-has 192.168.0.7 tell 192.168.0.254
14:56:46.312061 arp reply 192.168.0.7 is-at 00:0b:2f:1b:1a:ae (oui Unknown)
14:56:46.339961 arp who-has 192.168.0.85 tell 192.168.0.254
14:56:46.340164 arp reply 192.168.0.85 is-at 00:07:e9:0a:3f:87 (oui Unknown)
14:56:46.429956 arp who-has 192.168.1.195 tell 192.168.0.254
14:56:46.430313 arp reply 192.168.1.195 is-at 00:07:e9:0a:82:c7 (oui Unknown)
14:56:46.664942 arp who-has 192.168.0.87 tell 192.168.0.254
14:56:46.864927 arp who-has 192.168.0.18 tell 192.168.0.254
14:56:46.865721 arp reply 192.168.0.18 is-at 00:0b:2f:1b:32:34 (oui Unknown)
14:56:46.920996 arp who-has 192.168.1.64 tell 192.168.0.57
14:56:47.663878 arp who-has 192.168.0.87 tell 192.168.0.254
14:56:48.094845 arp who-has 192.168.1.113 tell 192.168.0.254
14:56:48.095088 arp reply 192.168.1.113 is-at 00:07:e9:0a:82:f9 (oui Unknown)
14:56:48.143841 arp who-has 192.168.0.83 tell 192.168.0.254
14:56:48.144240 arp reply 192.168.0.83 is-at 00:07:e9:0a:6f:f1 (oui Unknown)
14:56:48.156792 arp who-has 192.168.1.64 tell 192.168.0.57
14:56:48.162838 arp who-has 192.168.0.202 tell 192.168.0.254
14:56:48.163418 arp reply 192.168.0.202 is-at 00:1b:24:9b:f8:b7 (oui Unknown)
14:56:48.281187 arp who-has 192.168.1.10 tell 192.168.0.252
14:56:48.281339 arp who-has 192.168.1.11 tell 192.168.0.252
14:56:48.285631 arp who-has 192.168.1.18 tell 192.168.0.252
14:56:48.286753 arp who-has 192.168.1.20 tell 192.168.0.252
14:56:48.287020 arp who-has 192.168.1.21 tell 192.168.0.252
14:56:48.288157 arp who-has 192.168.1.23 tell 192.168.0.252
14:56:48.288430 arp who-has 192.168.1.25 tell 192.168.0.252
14:56:48.292944 arp who-has 192.168.1.31 tell 192.168.0.252
14:56:48.293374 arp who-has 192.168.1.33 tell 192.168.0.252
14:56:48.294484 arp who-has 192.168.1.36 tell 192.168.0.252
14:56:48.300106 arp who-has 192.168.1.55 tell 192.168.0.252
14:56:48.300414 arp who-has 192.168.1.56 tell 192.168.0.252
14:56:48.303888 arp who-has 192.168.1.60 tell 192.168.0.252
14:56:48.305169 arp who-has 192.168.1.62 tell 192.168.0.252
14:56:48.313496 arp who-has 192.168.1.72 tell 192.168.0.252
请问我改怎么写这个shell.实现
is-at 后面mac地址出现3次以上的输出出来
tell 后面的ip地址出现3次以上的输出出来,输出格式为
次数 IP或MAC
20 192.168.0.252
3 00:1b:24:9b:f8:b7
请问这个shell 怎么写,在线等. |
|