awk — tcpdump & DNS

tcpdump -nn -r capture.pcap 2>/dev/null | awk '{split($3,a,"."); ip=a[1]"."a[2]"."a[3]"."a[4]; pkts[ip]++} END{for(i in pkts) printf "%-16s %d pkts\n",i,pkts[i]}' | sort -k2 -rn | head -10

tcpdump -nn -r capture.pcap 2>/dev/null | awk '{proto[$2]++} END{for(p in proto) printf "%-10s %d\n",p,proto[p]}' | sort -k2 -rn

tcpdump -nn -r capture.pcap 2>/dev/null | awk '{conv=$3" -> "$5; count[conv]++} END{for(c in count) printf "%6d  %s\n",count[c],c}' | sort -rn | head -15

ss -tn state established | awk -v OFS='\t' 'NR>1 {split($4,l,":"); split($5,r,":"); print l[1],l[2],r[1],r[2]}'

dig +short example.com | awk '/^[0-9]/'

dig +short SRV _ldap._tcp.dc._msdcs.domain.com | awk '{print $4, $3}'