[lug] Trapping Tcpdump Output

D. Stimits stimits at idcomm.com
Sun Oct 7 12:29:53 MDT 2001


rm at fabula.de wrote:
> 
> On Sun, Oct 07, 2001 at 10:45:29AM -0600, SoloCDM wrote:
> > I have tried to trap all the output when I execute tcpdump in the
> > following script, without success:
> >
> > MEGREP=`which -a --skip-alias egrep | sed 's;\(/e\);/.\1;'`
> > MEGREP=`echo ${MEGREP} -ie`
> > MVAR=/var/log/messages
> >
> > PPPDEV=`ifconfig -a | ${MEGREP} 'Point-to-Point' | tail --lines=1 |
> > gawk -F ' ' '{ print $1 }'`
> > { nohup tcpdump -tai ${PPPDEV} | while read MF
> > do
> >   MCHK=`echo "${MF}" | ${MEGREP} icmp`
> >   [ "${MCHK}" = "" ] && {
> >     echo "${MF}" >> log-file 2>&1
> >   }
> > done & }
> >
> >
> > When the script starts, it outputs "tcpdump: listening on ppp0"
> > without allowing redirecting to a file within the script.  When it
> > stops, it outputs "44 packets received by filter, 0 packets dropped
> > by kernel" with the same lack of redirection.
> >
> > In the past, I would execute the script with "tcpdump-icmp >>
> > log-file 2>&1" and it worked, but that is redundant when the script
> > does it already.  I even added the redirection to the end of done,
> > but still nothing.  Are there any solutions?
> 
> Where actually do you redirect stderr (fd 2) in your script?
> You execute 'nohup  tcpdump -tai ${PPPDEV}' -- at that point 'tcpdump'
> inherits  stderr from its invoking shell, and as far as I can tell
> there's no redirect of fd 2 for that (you would need to exec with
> output redirection for that, or you could run 'nohup ...' in a subshell).

An expansion on the topic. For bash:
whatever 2>&1 | your_script

For tcsh/csh:
whatever |& your_script

Add this if you want to both log something, and also view it, at the same
time (bash version):
whatever 2>&1 | tee logfile

Variation to view and use script:
whatever 2>&1 | tee logfile | your_script

"tee is a wonderful thing, it'll give you warm fuzzy feelings and a log
file too!" (especially when logging "make" on someone else's software)

D. Stimits, stimits at idcomm.com


> 
>   Ralf Mattes
> > --
> > Note: When you reply to this message, please include the mailing
> >       list/newsgroup address and my email address in To:.
> >
> > *********************************************************************
> > Signed,
> > SoloCDM
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
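
Added example, not part of the original thread: the three ways of handling stderr discussed above, side by side, so the "listening on" banner and the packet/drop counts reach the log. fake_tcpdump and the function names are constructed stand-ins (assumptions) so the script runs without root or a ppp interface.

```shell
#!/bin/sh
# Constructed stand-in for "tcpdump -tai $PPPDEV": packet lines go to stdout,
# the "listening on" banner and the closing packet counts go to stderr.
fake_tcpdump() {
    echo "tcpdump: listening on ppp0" >&2
    echo "10.0.0.1 > 10.0.0.2: icmp: echo request"
    echo "10.0.0.1.1025 > 10.0.0.2.80: S 1:1(0) win 512"
    echo "10.0.0.2 > 10.0.0.1: icmp: echo reply"
    echo "3 packets received by filter, 0 packets dropped by kernel" >&2
}

# Append every line that does not mention icmp to the log file named in $1.
log_non_icmp() {
    while IFS= read -r line; do
        case $line in
            *[Ii][Cc][Mm][Pp]*) ;;                  # skip, like egrep -i icmp
            *) printf '%s\n' "$line" >> "$1" ;;
        esac
    done
}

# As in the original script: only stdout enters the pipe, so the stderr
# lines go wherever the invoking shell's stderr points, not to the log.
capture_stdout_only() {
    : > "$1"
    fake_tcpdump | log_non_icmp "$1"
}

# Merge stderr into stdout before the pipe: status lines pass through the
# same filter and end up in the log, in order.
capture_both() {
    : > "$1"
    fake_tcpdump 2>&1 | log_non_icmp "$1"
}

# Subshell variant: redirect stderr of the whole pipeline to the log and
# leave it unfiltered; its position relative to packet lines is not fixed.
capture_subshell() {
    : > "$1"
    ( fake_tcpdump | log_non_icmp "$1" ) 2>> "$1"
}
```
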


