Code: April 2018

This AWK script parses the output of the Windows "DIR *.* /s" command and puts in columnar format with column titles. This makes it easy to open in your favorite spreadsheet program using a fixed column format.

BEGIN {

record=" "; # Start output record at 2 spaces

for (i = 1; i <= 7; ++i) {record=record record;} # Expand output record to 256 spaces

record=repl(record,1,14,"Date"); # Date goes starts at column 1

record=repl(record,12,26,"Size"); # File size starts at column 12

record=repl(record,28,87,"Filename"); # File name starts in column 28

record=repl(record,89,148,"Fullpath"); # Full path starts in column 89

print record; # Print the header line

}

function repl(s,f,t,v) # Custom function to add data to the output record

{ return substr(s,1,f-1) sprintf("%-*s", t-f+1, v) substr(s,t+1) }

{

if ( substr($0,2,9) == "Directory" ) { # If this line contains the directory name,

dir=substr($0,15,60); # save the name

}

else if (substr($0,3,1) == "/" &&

substr($0,6,1) == "/" &&

substr($0,25,1) != "<") { # If this line contains a file ...

date=substr($0,1,10); # Date

size=substr($0,24,15); # File size

file=substr($0,40,60); # File name

name=dir "\\" file; # Full path

record=" "; # Start output record at 2 spaces

for (i = 1; i <= 7; ++i) {record=record record;} # Expand output record to 256 spaces

record=repl(record,1,10,date); # Date goes starts at column 1

record=repl(record,12,26,size); # File size starts at column 12

record=repl(record,28,87,file); # File name starts in column 28

record=repl(record,89,148,dir); # Full path starts in column 89

print record; # Print the output line

}

This AWK code is used to translate data that has been exported from Wireshark using
File ... Export Packet Dissections ... As Plain Text ..., checking only the Packet Bytes box
in the Packet Format section (unchecking all others). These print lines are hex characters,
which this code will translate to binary. This can be useful to create a file (e.g. PDF, JPG)
from a packet capture.

BEGIN {BINMODE = 2;} # BINMODE of 2 sets writing output to binary mode

{ if ($1 > "0020") { # Ignore the lines starting with 0000, 0010 and 0020

x=0; # There are 16 bytes on each line; Begin at offset 0

if ($1 == "0030") {x=6;} # Ignore the first 6 bytes of the 0030 line

while (x < 16) { # We start after bypassing the network header bytes

n=0; # Initialize the binary number to output

pos = 7+(x*3); # Calculate the position of the first hex byte

hex = substr($0,pos,1); # Grab the first hex byte

if (hex == " ") {next;} # If a blank is found, there are no more bytes

if (hex <= "9") {n=hex*16;} # Use multiplication for hex digits 0-9

if (hex == "a") {n=160;} # Assign the other hex digits to their binary numbers

if (hex == "b") {n=176;}

if (hex == "c") {n=192;}

if (hex == "d") {n=208;}

if (hex == "e") {n=224;}

if (hex == "f") {n=240;}

hex = substr($0,pos+1,1); # Grab the second hex byte

if (hex <= "9") {n=n+hex;} # Use addition for hex digits 0-9

if (hex == "a") {n=n+10;} # Add the other hex digits to their binary numbers

if (hex == "b") {n=n+11;}

if (hex == "c") {n=n+12;}

if (hex == "d") {n=n+13;}

if (hex == "e") {n=n+14;}

if (hex == "f") {n=n+15;}

# It is required to print directly to a file using the

printf "%c", n > "output.bin"; # “>” syntax to avoid AWK inserting a CR before each LF

x++; # Go to the next hex byte on this line

}

Code

AWK - Directory to Rows

AWK - Hex to Binary

Spoofing MAC Addresses

Report Abuse