Reputation: 117
tcpdump output on a single line
I have a tcpdump file and I would like to print out how many lines/packets have been sent.
I'm using the tcpdump -r command, but some of the output seem to be stretched out over two lines (see picture below), even when they are from the same protocol.
My question is how do I make it not appear on a new line and print out total of lines?
I have tested it using the Wireshark GUI and it should have 3188 lines, but I would like to do this using Linux command line.
Upvotes: 2
Views: 6715
Answers (4)
Reputation: 11
Assuming you're working in bash or ksh, run "export COLUMNS=1024" before running tcpdump. Tcpdump will conclude that the display is 1024 characters wide, which should be enough to make each packet sit on one output line. I don't think there's any practical limit to the COLUMNS value.
Upvotes: 1
Reputation: 6304
how do I make it not appear on a new line and print out total of lines
If you don't want long lines to be wrapped, you will have to truncate them. You can do this using the cut command. For example:
tshark -r file.pcap | cut -c -80
If you only want to count the number of lines in the output, then you can do so using the wc command. For example:
tshark -r file.pcap | wc -l
Note: Whether you truncate long lines or not, the count of the number of lines remains the same. Just because a long line is wrapped doesn't mean the line count increases; it doesn't. So, unless you really need to truncate the long lines, I would advise against it; otherwise you're going to be chopping off potentially useful information for no good reason.
That said, if you do want to truncate the long lines and if you also want to be able to print out the total number of lines, then this will probably require 2 steps:
- Redirect the truncated output to a file, and
- Count the number of lines in the file using
wc.
For example:
tshark -r file.pcap | cut -c -80 > file.txt
wc -l file.txt (or cat file.txt | wc -l)
If you want to be able to immediately see the output as well as write the output to a file in order to count the number of lines, then you can do this with the tee command, for example:
tshark -r file.pcap | cut -c -80 | tee file.txt
wc -l file.txt
Upvotes: 0
Reputation: 2111
If you have the content of the tcpdump output in a text file you can avoid line wrapping by using less with -S parameter.
From less manual:
-S or --chop-long-lines Causes lines longer than the screen width to be chopped (truncated) rather than wrapped. That is, the portion of a long line that does not fit in the screen width is not shown. The default is to wrap long lines; that is, display the remainder on the next line.
When used with -N parameter, the number of lines will be also shown.
Upvotes: 1
Related Questions
- How to display all data using tcpdump?
- How can I have tcpdump write to file and standard output the appropriate data?
- tcpdump / wireshark capturing problems
- Simplify `tcpdump` output
- How to capture all the HTTP packets using tcpdump
- Tcpdump output convert it to json format
- pipe tcpdump output to grep multiline pattern
- How to get tcpdump to save to a file without using binary?
- how to process tcpdump outputs in c
- Piping the output of tcpdump multiple times