Reputation: 11
pipe tcpdump output to grep multiline pattern
I want to grep a multiline pattern from tcpdump output like the following: sudo tcpdump -A -s0 | grep -Pzo 'foo.*\n.*bar' However, it does not seem to work. But it works if I dump the data into a file and then grep the file. How can I make the command using pipe working?
Upvotes: 1
Views: 3040
Answers (3)
Reputation: 135
I was having problems piping the output to tail even with the -l switch as well. I was able to solve my problem by using multitail instead of tail -F.
This worked for me: multitail -l "tcpdump -li eth0"
Upvotes: 0
Reputation: 11
I still don't get why the grep does not work above even with -l option for tcpdump, but I found this stackoverflow post How to find patterns across multiple lines using grep?. So I tried pcregrep, and it worked. sudo tcpdump -A -s0 | pcregrep -Mo "foo.*\n.*bar"
Upvotes: 0
Reputation: 75548
Try to add -l:
-l Make stdout line buffered. Useful if you want to see the data while capturing it. E.g., tcpdump -l | tee dat tcpdump -l > dat & tail -f dat
Upvotes: 1
Related Questions
- tcpdump output on a single line
- How can i extract only the destination ports from a TCPDUMP file
- tcpdump piped through grep written to file. (Weird number 16)
- Append output of grep filter to a file
- How to output tcpdump with grep expression to stdout / file?
- Having trouble parsing tcpdump output with regex
- Greping a tcpdump with tshark
- Piping the output of tcpdump multiple times
- pipe tcpdump grep into perl
- What's a tcpdump one-liner to dump a TCP stream that matches a given substring?