我想剪切二进制文件的某些部分,从特定的模式开始到特定的模式结束。如何在 Linux 中使用 bash 来做到这一点。可以使用 sed 或 awk 来完成吗?
我有一个如下所示的文件。
bd=0x422e90e0ff4abc00 pad=0x82 offset=0x05 dst=00:0d:bc:03:6d:80 src=00:50:a2:df:e8:1c etype=0x0800 ip:版本=4 headerwords=5 tos=32 length=142 ip:id=201 flags=0x2 fragmentoffset=0 ip:ttl=117 protocol=6 checksum=0x0000 ip:源地址=36.190.253.236 ip:目标地址=125.182.162.162 bd=0x422e90e0ff61f000 pad=0x92 offset=0x19 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip:版本=4 headerwords=5 tos=0 长度=40 ip:id=11084 标志=0x2 fragmentoffset=0 ip:ttl=62 协议=6 校验和=0x0000 ip:源地址=125.182.162.162 ip:目标地址=36.190.253.236 bd=0x422e90e0ff6bb900 pad=0xb8 偏移量=0x06 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip:版本=4 headerwords=5 tos=0 长度=40 ip:id=15720 标志=0x2 fragmentoffset=0 ip: ttl=62 协议=6 校验和=0x0000 ip: 源地址=125.182.162.162 ip: 目标地址=36.190.253.236 bd=0x422e90e0ffbe9a00 pad=0xbb 偏移量=0xc5 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip: 版本=4 headerwords=5 tos=0 长度=186 ip: id=15722 标志=0x2 fragmentoffset=0 ip: ttl=62 协议=6 校验和=0x0000 ip: 源地址=125.182.162.162 ip:目的地地址=36.190.253.236
我需要将此文件从 bd=0x422e90e0ff61f000 剪切到 bd=0x422e90e0ffbe9a00。可以使用 sed 或 awk 来完成吗?
答案1
像这样吗?(你的这段文字保存在一个文件中foo.txt)
$ cat foo.awk
BEGIN {
RS = "bd=[a-fx0-9]* ";
FS = "";
}
{
print $0;
}
$ awk -f foo.awk foo.txt
pad=0x82 offset=0x05 dst=00:0d:bc:03:6d:80 src=00:50:a2:df:e8:1c etype=0x0800 ip: version=4 headerwords=5 tos=32 length=142 ip: id=201 flags=0x2 fragmentoffset=0 ip: ttl=117 protocol=6 checksum=0x0000 ip: sourceaddress=36.190.253.236 ip: destinaddress=125.182.162.162
pad=0x92 offset=0x19 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip: version=4 headerwords=5 tos=0 length=40 ip: id=11084 flags=0x2 fragmentoffset=0 ip: ttl=62 protocol=6 checksum=0x0000 ip: sourceaddress=125.182.162.162 ip: destinaddress=36.190.253.236
pad=0xb8 offset=0x06 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip: version=4 headerwords=5 tos=0 length=40 ip: id=15720 flags=0x2 fragmentoffset=0 ip: ttl=62 protocol=6 checksum=0x0000 ip: sourceaddress=125.182.162.162 ip: destinaddress=36.190.253.236
pad=0xbb offset=0xc5 dst=00:50:a2:df:e8:1c src=00:0d:bc:03:6d:80 etype=0x0800 ip: version=4 headerwords=5 tos=0 length=186 ip: id=15722 flags=0x2 fragmentoffset=0 ip: ttl=62 protocol=6 checksum=0x0000 ip: sourceaddress=125.182.162.162 ip: destinaddress=36.190.253.236
因此,基本上:将字段分隔符更改为空,并将记录分隔符更改为“bd=”模式,然后打印记录中的所有内容。