i'm trying to filter out the ip, the method(GET and POST), and then http data that contains a specific string. The filter looks like this:
http.request.method == "GET" && http.request.method == "POST" && ip.src == 10.1.5.8 && http contains "facebook"
I want to filter the data as specified by the filter, but it don't work. If I use || instead of &&, it works, other IPs are also shown, which is wrong. The only IP that should be listed is 10.1.5.8
I solved it like this:
(http.request.method == "GET" or http.request.method == "POST") and (ip.src == 10.1.5.8 or ip.src == 10.1.5.2 or ip.src == 10.1.5.3 or ip.src == 10.1.5.4 or ip.src == 10.1.5.5 or ip.src == 10.1.5.7) and (http contains "facebook" or http contains "reddit")
Related
I have a query where user can have 3 option value where they can either just choose one on each option or 2 of either option of even 3 of the option. However, when creating the if else statement in the controller, the if else comes up until 7 statements. Any ideas how to reduce the if else statement.
each if else statement gives different input inside,
as an example
if (1 !="" && 2 =="" && 3==""){
}elseif(1 =="" && 2 !="" && 3==""){
}elseif(1 =="" && 2 =="" && 3!=""){
}elseif(1 !="" && 2 !="" && 3 ==""){
}elseif(1 !="" && 2 =="" && 3 !=""){
}elseif(1 =="" && 2 !="" && 3 !=""){
}elseif(1 !="" && 2 !="" && 3 !=""){
}else{}
You can use nested if statements instead of this , I think it may help you on this scenario
if(1 !=""){
if(2 != ""){
if(3 != ""){
// all statements are true
}else {
// 1 & 2 statements are true
}
}else {
// only 1 is true
}
}else {
// all statements is false
}
OR you can do also
if (1 != "") {
if (2 != "") {
if (3 != "") {
// all statements are true
}
}
} else {
// all statements is false
}
you can use this. This is not small but it is easy to understand
if (!empty(1) && empty(2) && empty(3)){
return '1';
}
if(empty(1) && !empty(2) && empty(3)){
return '2';
}
if(empty(1) && empty(2) && !empty(3)){
return '3';
}
if(!empty(1) && !empty(2) && empty(3)){
return '1 & 2';
}
if(!empty(1) && empty(2) && !empty(3)){
return '1 & 3';
}
if(empty(1) && !empty(2) && !empty(3)){
return '2 & 3';
}
if(!empty(1) && !empty(2) && !empty(3)){
return 'all empty';
}
here i used return early patten to simplify
In bash, I often did things like:
[ -z "${someEnvVar}" ] && someEnvVar="default value"
Instead of creating a full-fledge if statement:
if [ -z "${someEnvVar}" ]; then someEnvVar="default value"; fi
Is there a similar shorthand in PowerShell without creating a function or alias?
I'd rather not write the following in PowerShell:
if ("${someVar}" -eq "") {
$someVar = "default value"
}
If seems more readable to me, but you can use short circuit of OR (similar to BASH version):
$someVar = ""
[void]($someVar -ne "" -or ($someVar = "Default"))
$someVar #yields "Default"
$someVar = "Custom"
[void]($someVar -ne "" -or ($someVar = "Default"))
$someVar #yields "Custom"
I am afraid Powershell doesnt have such an elegant solution as C# have:
Exp1 ? Exp2: Exp3
msg = (age >= 18) ? "Welcome" : "Sorry";
But you could do something like this:
$someVar = if ("${someVar}" -eq "") { "default value" }
Here are some options:
$emptystring = ""
if ($emptystring -eq "") {
"The string was empty"
}
if (!$emptystring) {
"The string was null or empty"
}
if (!$someVar) {
"The value was null or unassigned"
}
if ([string]::IsNullOrEmpty($emptystring)) {
"The value was null or empty"
}
This produces the following output:
The string was empty
The string was null or empty
The value was null or unassigned
The value was null or empty
Since PowerShell 7, you can use C#-like If ? Then : Else syntax:
$Variable = -not $Variable ? $Default : $Variable
For pipes, you can now use bash-like || and &&:
(Get-Value && Use-Value) || Set-Value $Default
or
(Get-Value && Use-Value) || (& {Set-Value $Default; Get-Value} | Use-Value)
where & executes a script block (I don't know of a way to chain two commands in a pipe without passing values between them)
I've the following dtrace one-liner:
sudo dtrace -n 'syscall:::entry { #num[probefunc] = count(); }'
which prints number of syscall count by program (after hitting Ctrl-C.
How do I add filter above probe to only apply to a process by its name (e.g. php)? Similar to dtruss -n <name>.
Ok, this is fairly straight forward, since it can be checked in dtruss how the filtering is done:
$ grep -C5 NAME $(which dtruss)
syscall:::entry
/(OPT_command && pid == $target) ||
(OPT_pid && pid == PID) ||
(OPT_name && NAME == strstr(NAME, execname)) ||
(OPT_name && execname == strstr(execname, NAME)) ||
(self->child)/
{
/* set start details */
where NAME is the process name.
So the one-liner command is (replace php with your process name):
sudo dtrace -n '
inline string NAME = "php";
syscall:::entry
/(NAME == strstr(NAME, execname)) || (execname == strstr(execname, NAME))/
{ #num[probefunc] = count(); }
'
My code seems to not be working because I'm mishandling a hash...
There's two sections in my code where I reference the hash, and two distinct syntax errors that I haven't resolved through googling.
First Section Syntax Error & Code:
"syntax error, unexpected tSTRING_BEG, expecting keyword_do or '{' or '('"
def showBoard
puts " 1 2 3"
puts " A #{#spaces["A1"]} | #{#spaces["A2"]} | #{#spaces["A3"]}"
puts ---------------------------
puts " B #{#spaces["B1"]} | #{#spaces["B2"]} | #{#spaces["B3"]}"
puts ---------------------------
puts " C #{#spaces["C1"]} | #{#spaces["C2"]} | #{#spaces["C3"]}"
puts ---------------------------
end
Second Section Syntax Error & Code:
"syntax error, unexpected =>, expecting keyword_end"
def checkGame?
if
"A1"=>"X" && "A2"=>"X" && "A3"=>"X" ||
"B1"=>"X" && "B2"=>"X" && "B3"=>"X" ||
"C1"=>"X" && "C2"=>"X" && "C3"=>"X" ||
"A1"=>"X" && "B1"=>"X" && "C1"=>"X" ||
"A2"=>"X" && "B2"=>"X" && "C2"=>"X" ||
"A3"=>"X" && "B3"=>"X" && "C3"=>"X" ||
"A1"=>"X" && "B2"=>"X" && "C3"=>"X" ||
"A3"=>"X" && "B2"=>"X" && "C1"=>"X"
puts player1 + " wins!"
checkGame == true
elsif
"A1"=>"O" && "A2"=>"O" && "A3"=>"O" ||
"B1"=>"O" && "B2"=>"O" && "B3"=>"O" ||
"C1"=>"O" && "C2"=>"O" && "C3"=>"O" ||
"A1"=>"O" && "B1"=>"O" && "C1"=>"O" ||
"A2"=>"O" && "B2"=>"O" && "C2"=>"O" ||
"A3"=>"O" && "B3"=>"O" && "C3"=>"O" ||
"A1"=>"O" && "B2"=>"O" && "C3"=>"O" ||
"A3"=>"O" && "B2"=>"O" && "C1"=>"O"
puts player2 + " wins!"
return true
checkGame == true
elsif
"A1"!=" " && "A2"!=" " && "A3"!= " " &&
"B1"!=" " && "B2"!=" " && "B3"!= " " &&
"C1"!=" " && "C2"!=" " && "C3"!= " "
puts "It's a draw. :/ "
checkGame == true
end
return false
end
What's going wrong?
The problem with the first section is
puts -------
You probably meant to enclose the dashes in quotes, to make it a string.
The => (hashrocket) operator is only used when declaring a new hash (for example {"a" => 1}) but your second bit of code is using it outside of that context ( I'm not sure what you were trying to do so can't really suggest anything). There's a few other things that don't make sense too - you're comparing string literals at the bottom , and I suspect that the precedent of || and && won't do what you want, whatever that is
I'm trying to write a filter for TShark the command line based Wireshark.
I want to add those options to the command :
-i 2 (interface with index n°2)
-a duration:60 (the "scan" should last 60 seconds)
-v (print the result and exit)
-x (print an ASCII dump in the file)
and a filter that only captures packets with these particularities :
"ip" (only IP packets)
"ip.src == 192.168.0.1" (source IP adress should be 192.168.0.1)
"ip.dst == 111.222.111.222" (destination IP adress should be 111.222.111.222)
"port == 80 or port == 443" (port should be http or https)
"http.request.method == 'GET'" (it should be a GET request)
and then I want the results to be saved in a file "test.txt".
So the final command should be this :
tshark -i 2 -a duration:60 -vx -f "ip" && "ip.src == 192.168.0.1" && "ip.dst == 111.222.111.222" && "port == 80 or port == 443" && "http.request.method == 'GET'" > test.txt
But I keep getting an error message from Windows saying that '"ip.src == 192.168.0.1" isn't a recognized internal or external command. I tried with spaces, without spaces ...etc, but can't figure a way to get this work.
The problem probably comes from the way I "chain" the conditions.
Also wanted to ask if there was some kind of "stop execution" command that would stop the current capturing but still save the results in a .txt file.
and a filter that only captures packets with these particularities
...
"http.request.method == 'GET'" (it should be a GET request)
That last part is EXTREMELY difficult to do with a capture filter. If you can avoid that, the rest is relatively easy to do with a capture filter:
"ip src 192.168.0.1 && ip dst 111.222.111.222 && (tcp port 80 or tcp port == 443)"
and you might be able to use the entire *shark filter as a read filter:
-r "ip && ip.src == 192.168.0.1 && ip.dst == 111.222.111.222 && (tcp.port == 80 or tcp.port == 443) && http.request.method == 'GET'"
(note that it's tcp.port, not just port).
However, note that for HTTP-over-SSL/TLS, if the requests are encrypted, you'll have to arrange to decrypt those in order for http.request.method == 'GET' to work.
(The parentheses around the "or" clauses might not be necessary, but I prefer them to just make the meaning of the expression more obvious.)
The tshark -f option takes capture filters, not wireshark display filters. This is the same as the libpcap syntax.
You have to remove the " characters between the filter parts. Try:
"ip && ip.src == 192.168.0.1 && ip.dst == 111.222.111.222 &&
port == 80 or port == 443 && http.request.method == 'GET'"