LinuxQuestions.org
Old 02-02-2013, 11:53 AM   #1
r00t
LQ Newbie
 
Registered: May 2012
Posts: 26

tcpdump grep/pipe summary


Is it possible to grep something from the tcpdump summary? Like: tcpdump -nn -c100 | grep "packets dropped by kernel"
But that somehow doesn't work, it only pipes the packets themselves, but the summary seems to be written to another stdout or something. I want to grep/awk one of these lines:

0 packets captured
0 packets received by filter
0 packets dropped by kernel

Any suggestions? The -l option also doesn't help.
 
Old 02-02-2013, 12:57 PM   #2
business_kid
Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 6,977

tcpdump -options > some_file 2>&1
grep <search_terms> some_file
 
Old 02-02-2013, 01:04 PM   #3
r00t
LQ Newbie
 
Registered: May 2012
Posts: 26

Original Poster
Ah well, that did the trick. Could've thought of that. Thanks!
 
Old 02-03-2013, 09:29 AM   #4
business_kid
Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 6,977

Welcome. If you're repeating this constantly and wish to be esoteric, you might try

mkfifo my.fifo
# background the writer: opening a FIFO for writing blocks until a reader opens it
tcpdump options > my.fifo 2>&1 &
cat my.fifo | grep <search terms>

This has the advantage of being self cleaning, as tcpdump should fill the fifo (First In First Out) and cat will empty it again.

I think your option with corrected syntax is shorter
tcpdump -nn -c100 | egrep 'packets\ dropped\ by\ kernel'

Any non-alphanumeric character (.,*&^%$!#~' etc.) needs an escape before it is treated as an ordinary character in grep's search. egrep uses POSIX reg. exp. rules.
 
Old 02-03-2013, 10:58 AM   #5
r00t
LQ Newbie
 
Registered: May 2012
Posts: 26

Original Poster
Thank you for your reply and your explanation, very helpful. I'm now trying to do the same with the script from the first answer of this topic and it doesn't work with both of your solutions. Any suggestion on this one? Thank you in advance, much appreciated.
 
Old 02-04-2013, 10:35 AM   #6
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

So the lines you want are being sent to stderr, correct?

So just redirect stderr to (the same place as) stdout, and then dump stdout to /dev/null.

Code:
tcpdump -options 2>&1 >/dev/null | grep whatever
Note that the order of the redirections is important. If you reversed them then both outputs would end up going to /dev/null.

redirections and file descriptors explained
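
The redirection order from the post above, as an added example that is not part of the original thread: it pulls the counters out of the capture summary so a script can tell when the kernel dropped packets. `fake_tcpdump` is a constructed stand-in (so this runs offline without root), and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed stand-in for tcpdump: packet lines go to stdout, the
# end-of-capture summary goes to stderr (the split the thread describes).
fake_tcpdump() {
    echo "12:00:00.000001 IP 192.0.2.1.53 > 192.0.2.2.40000: UDP, length 64"
    echo "12:00:00.000002 IP 192.0.2.2.40000 > 192.0.2.1.53: UDP, length 32"
    {
        echo "2 packets captured"
        echo "5 packets received by filter"
        echo "3 packets dropped by kernel"
    } >&2
}

# Run a capture command and pass on only what it wrote to stderr.
# 2>&1 first points stderr at the current stdout (the pipe); >/dev/null
# then moves stdout away, so only the summary reaches the reader.
capture_summary() {
    "$@" 2>&1 >/dev/null
}

# Reversed order: stdout goes to /dev/null first, then stderr is pointed
# at the same place, so nothing reaches the reader.
capture_summary_reversed() {
    "$@" >/dev/null 2>&1
}

# Print one counter from the summary, selected by its label,
# e.g. "dropped by kernel". Other stderr lines are ignored.
summary_count() {
    label=$1; shift
    capture_summary "$@" | awk -v l="packets $label" 'index($0, l) { print $1 }'
}

# Status 0: no packets dropped. 1: the kernel dropped packets, so the
# capture has gaps. 2: no summary line was found at all.
capture_is_complete() {
    dropped=$(summary_count "dropped by kernel" "$@")
    [ -n "$dropped" ] || return 2
    [ "$dropped" -eq 0 ]
}

summary_count "dropped by kernel" fake_tcpdump
```

With a real capture, replace the stand-in with the command from the thread, for example `summary_count "dropped by kernel" tcpdump -nn -c100`.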
 
Old 02-10-2013, 11:52 AM   #7
r00t
LQ Newbie
 
Registered: May 2012
Posts: 26

Original Poster
Isn't this exactly the same as business_kid suggested? It doesn't work with the script I linked.
 
Old 02-11-2013, 10:02 AM   #8
David the H.
Bash Guru
 
Registered: Jun 2004
Location: Osaka, Japan
Distribution: Debian sid + kde 3.5 & 4.4
Posts: 6,823

The principle is identical, except that business_kid threw an unnecessary tempfile/pipe into the mix. My post demonstrates how it can all be done with a single command. Also, I took the time to add a link so that you can study it in more detail.


And it doesn't help much to just say that something "didn't work". What exactly did you try, and what exactly happened when you tried it? We can't see your screen, so we can't figure out what went wrong unless you give us enough detail to work with.
 
  

