[lug] Trapping Tcpdump Output
D. Stimits
stimits at idcomm.com
Sun Oct 7 12:29:53 MDT 2001
rm at fabula.de wrote:
>
> On Sun, Oct 07, 2001 at 10:45:29AM -0600, SoloCDM wrote:
> > I have tried to trap all the output when I execute tcpdump in the
> > following script, without success:
> >
> > MEGREP=`which -a --skip-alias egrep | sed 's;\(/e\);/.\1;'`
> > MEGREP=`echo ${MEGREP} -ie`
> > MVAR=/var/log/messages
> >
> > PPPDEV=`ifconfig -a | ${MEGREP} 'Point-to-Point' | tail --lines=1 |
> > gawk -F ' ' '{ print $1 }'`
> > { nohup tcpdump -tai ${PPPDEV} | while read MF
> > do
> > MCHK=`echo "${MF}" | ${MEGREP} icmp`
> > [ "${MCHK}" = "" ] && {
> > echo "${MF}" >> log-file 2>&1
> > }
> > done & }
> >
> >
> > When the script starts, it outputs "tcpdump: listening on ppp0"
> > without allowing redirecting to a file within the script. When it
> > stops, it outputs "44 packets received by filter, 0 packets dropped
> > by kernel" with the same lack of redirection.
> >
> > In the past, I would execute the script with "tcpdump-icmp >>
> > log-file 2>&1" and it worked, but that is redundant when the script
> > does it already. I even added the redirection to the end of done,
> > but still nothing. Are there any solutions?
>
> Where actually do you redirect stderr (fd 2) in your script?
> You execute 'nohup tcpdump -tai ${PPPDEV}' -- at that point 'tcpdump'
> inherits stderr from its invoking shell, and as far as I can tell
> there's no redirect of fd 2 for that (you would need to exec with
> output redirection for that, or you could run 'nohup ...' in a subshell).
An expansion on the topic. For bash:
  whatever 2>&1 | your_script
For tcsh/csh:
  whatever |& your_script
Add this if you want to both log something and also view it at the same time
(bash version):
  whatever 2>&1 | tee logfile
Variation to view and use script:
  whatever 2>&1 | tee logfile | your_script
"tee is a wonderful thing, it'll give you warm fuzzy feelings and a log
file too!" (especially when logging "make" on someone else's software)
D. Stimits, stimits at idcomm.com
>
> Ralf Mattes
> > --
> > Note: When you reply to this message, please include the mailing
> > list/newsgroup address and my email address in To:.
> >
> > *********************************************************************
> > Signed,
> > SoloCDM
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
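The redirection discussed in this thread, as an added example that is not part of the original messages: it shows why the tcpdump banners miss the log when only stdout enters the pipe, and how duplicating fd 2 onto fd 1 before the pipe captures them. fake_capture, log_non_icmp, run_stdout_only and run_merged are hypothetical names, and the packet lines are constructed samples.

```shell
#!/bin/sh
# fake_capture stands in for "tcpdump -tai ppp0" (hypothetical helper):
# packet lines go to stdout, status banners go to stderr, as tcpdump does.
fake_capture() {
    echo "tcpdump: listening on ppp0" >&2
    echo "10.0.0.2 > 10.0.0.1: icmp: echo request"          # constructed sample
    echo "10.0.0.2.1025 > 10.0.0.1.80: S 1:1(0) win 512"    # constructed sample
    echo "44 packets received by filter, 0 packets dropped by kernel" >&2
}

# Drop icmp lines (case-insensitive, like egrep -i) and append the rest
# to the log file named in $1.
log_non_icmp() {
    while IFS= read -r line; do
        case "$line" in
            *[Ii][Cc][Mm][Pp]*) ;;                  # filtered out
            *) printf '%s\n' "$line" >> "$1" ;;
        esac
    done
}

# As in the script from the question: only stdout enters the pipe, so the
# two banners bypass the loop and land on the caller's stderr.
run_stdout_only() {
    : > "$1"
    fake_capture | log_non_icmp "$1"
}

# With the fix: fd 2 is duplicated onto fd 1 before the pipe, so banners
# and packet lines all pass through the filter and reach the log.
# Real-script equivalent: nohup tcpdump -tai "${PPPDEV}" 2>&1 | while read ...
run_merged() {
    : > "$1"
    fake_capture 2>&1 | log_non_icmp "$1"
}

# Stand-alone demonstration: prints the three logged lines.
demo_log="${TMPDIR:-/tmp}/capture-demo.$$"
run_merged "$demo_log" && cat "$demo_log"
rm -f "$demo_log"
```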