#!/bin/sh
# Reads a tcpdump hex capture of MSN (port 1863) traffic, reassembles each
# packet's hex payload onto one line and decodes it to text for display.
#
# As extracted on this page the script is a transcript, not runnable code:
# several inline comments have lost their line break (the "#" is fused into
# the preceding word and the next command sits on the same physical line),
# and every awk/echo field reference ($0, $1, ...) has been stripped. The
# comments below describe the apparent intent; check each flagged line
# against the original before relying on it.
#
# Portability: the shebang is /bin/sh but the body relies on bash behaviour
# ("echo -n", $"..." quoting); under dash these do not behave the same.
# Scratch files use fixed names (temp.0 .. temp.3) in the working directory.
echo "" > temp.1
# Original comment on this line: "no limit here on how many MSN packets".
# The capture (host 192.168.0.1, port 1863; -x hex dump, -s 0 full snaplen,
# -l line-buffered, -n/-f numeric addresses) is written to temp.0. Without
# -c the capture runs until tcpdump is interrupted, so nothing below runs
# before then. NOTE(review): the "#" is fused into the temp.3 token here —
# presumably a separate comment line followed by the tcpdump command.
echo "" > temp.3#此处没有限制多少个msn数据包tcpdump -f -lnx -s 0 host 192.168.0.1 and port 1863 > temp.0
# Number of lines in the capture; the loop below indexes temp.0 by line.
lines=`cat temp.0 | wc -l`
line=1
# First pass over temp.0. The intent (from the original comments and the
# two branches) is: a header line starts a new output line in temp.1, a
# hex-dump line (starting with 0x) has its hex words appended to the
# current one, so each packet becomes one line: header + payload hex.
# `sed -n """$line""p"` is just `sed -n "${line}p"` with redundant quotes.
while [ $line -le $lines ]
# Original comment on this line: "get time, sender/receiver IP etc. here".
# The gawk program prints selected fields of lines that do NOT start with
# 0x (its field list is stripped in this copy). NOTE(review): the "do"
# keyword and the memo= assignment are fused onto the comment.
do#此处获取时间收发ip等信息memo=`sed -n """$line""p" temp.0 | gawk "{if (!~/^0x/)print ,,,,,,,,,,," "}"`
# NOTE(review): as written this overwrites memo unconditionally, so the
# test below can only take its first branch; the $"..." form looks like a
# garbled expression (perhaps a sentinel appended to an empty memo so that
# hex lines and header lines can be told apart) — verify.
memo=$"aaaaaaaa"
if [ "$memo" = "aaaaaaaa" ]
# Original comment: "extract the data part of the packet". cut -c keeps
# eight 4-character column ranges and drops what lies between them;
# presumably the hex words of a `tcpdump -x` line minus the offset column.
# NOTE(review): "then" and the out= assignment are fused onto the comment,
# and the cut list contains spaces after the commas — confirm the local cut
# accepts that form.
then#截取数据包中数据部分out=`sed -n """$line""p" temp.0 | cut -c"11-14, 16-19, 21-24, 26-29, 31-34, 36-39, 41-44, 46-49"`
# Append the hex words to the current packet line (no newline).
echo -n "$out" >> temp.1
else
# Header line: terminate the previous packet line, then start a new one
# with the selected header fields (field list stripped in this copy).
echo "" >> temp.1
out=`sed -n """$line""p" temp.0 | gawk "{if (!~/^0x/)print ,,,,,,,,,,," "}"`
echo -n "$out" >> temp.1
fi
line=`expr $line + 1`
done
# Terminate the last packet line. Original comment on this line: "delete
# blank lines and the first two lines"; the sed pipeline producing temp.2
# is fused onto it. NOTE(review): the address /^&/ is probably a garbled
# /^$/ (blank lines) — verify.
echo "" >> temp.1#删除空行和前两行sed "/^&/d" temp.1 | sed "1,2d" > temp.2
lines=`cat temp.2 | wc -l`
line=1
# Second pass: for each reassembled packet line extract the timestamp, the
# two endpoints and the payload, decode the payload and print it.
while [ $line -le $lines ]
# Original comment: "get the content to display" ("do" fused onto it).
do#获取要现实的内容
# Timestamp: one awk field, then split on "." to drop the fractional
# seconds (field numbers stripped in this copy).
TIME=`sed -n """$line""p" temp.2 | gawk "{print }" | gawk -F "." "{print }"`
FROM=`sed -n """$line""p" temp.2 | gawk "{print }"`
# TO= is followed on the same physical line by two fused comments and two
# further assignments:
#  - "determine and extract the MSN data from the marker": DATA0 takes one
#    awk field of the packet line, splits it on 0d0a0d0a (CR LF CR LF,
#    presumably the header/body separator of the captured text protocol),
#    drops pieces that are only 0d0a, and prefixes every two-character hex
#    pair with "%" (sed's & is the matched text), i.e. percent-encodes it.
#  - "hand the captured UTF-8 hex to perl's URI::Escape module to decode and
#    show Chinese/English text": DATA is the percent-decoded payload.
# NOTE(review): DATA0 is interpolated into the perl -e program text, and
# the inner double quotes end the shell string, so the value lands in the
# program unquoted. Captured network bytes are untrusted input; pass them
# to perl on stdin or as an argument rather than inside the program string.
TO=`sed -n """$line""p" temp.2 | gawk "{print }"`#根据标志位确定并截取msn数据DATA0=`sed -n """$line""p" temp.2 | awk "{print }" | gawk -F "0d0a0d0a" "{print }" | sed "/^0d0a$/d" | sed "s/../%&/g"`#将截获的utf-8十六进制数交由perl的URI::Escape模块处理并显示中英文DATA=`perl -e "use URI::Escape; print uri_unescape("$DATA0");"`
# Character count of the decoded payload; echo adds a newline, so 1 means
# empty and only non-empty payloads are printed. $DATA is unquoted here,
# so its internal whitespace is collapsed before counting.
isnull=`echo $DATA | wc -m`
if [ $isnull -gt 1 ]
then
# NOTE(review): the variable names after each "$" are stripped in this
# copy; presumably "$TIME FROM $FROM TO $TO DATA: $DATA".
echo "$ FROM $ TO $ DATA: $"
fi
line=`expr $line + 1`
done
# Remove the scratch files. NOTE(review): this also deletes any unrelated
# temp.* in the working directory; a mktemp -d directory would avoid that.
rm -f temp.*