Yeah I ran into that problem as well using awk.
The easier way to do it, imho, is to use the -z option
to print out any variables you desire to see on
COL_INFO.
For example to see the dcerpc.time I use
tethereal -z "proto,colinfo,dcerpc.time,dcerpc.time"
This will append "dcerpc.time == 0.0000343" to my
COL_INFO. No doubt much easier. And you can also have
multiple -z statements. So I actually end up with a
very long command line of -z "..." -z "..." etc.
Hope that helps.
--- kem <kem2@xxxxxxx> wrote:
> Trying to run awk against the output from tethereal
> -V to pull selected
> fields out of a given frame. I am specifying the
> Field Separator as
> newline and the Record Separator as blank line:
> BEGIN { FS = "\n"; RS = "" }
> { print $1, $2, $3 }
>
> The problem is there is an empty line before the
> data field on frames
> that have data. There does not seem to be any
> consistent end of frame
> text I can use as the RS.
>
> Would it be possible to either remove the space from
> before the data
> field or put some end of record indicator at the end
> of the frame
> output?
>
> Thanks
> Kevin mason
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
>
http://www.ethereal.com/mailman/listinfo/ethereal-dev
=====
Jaime Fournier
__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com