CODEWITHSUNDEEP
bashshellxargstcpdumppiping
user5989986
user5989986

Reputation: 83

Bash broken pipe with tcpdump

I use the following command to send pinging IP's to a script:

sudo tcpdump -ne -l -i eth0 icmp and icmp[icmptype]=icmp-echo \
  | cut -d " " -f 10 | xargs -L2 ./pong.sh

Unfortunately this gives me:

tcpdump: Unable to write output: Broken pipe

To dissect my commands:

The strange thing is that the commands work seperate (on their own)...

I tried debugging it but I have no experience with debugging pipes. I checked the commands but they seem fine.

Upvotes: 1

Views: 4220

Answers (2)

Smiling.Demon
Smiling.Demon

Reputation: 1

For those coming across this (like me), tcpdump buffering is the issue. From the man page:

 -l        Make stdout line buffered.  Useful if you want to see the data
           while capturing it.  For example:

                 # tcpdump -l | tee dat
           or
                 # tcpdump -l > dat & tail -f dat

Upvotes: 0

jjo
jjo

Reputation: 3020

It would seem that's cut stdio buffering is interfering here, i.e. replace | xargs ... by | cat in your cmdline to find out.

Fwiw below cmdline wfm (pipe straight to xargs then use the shell itself to get the nth arg), note btw the extra tcpdump args : -c10 (just to limit to 10pkts, then show the 10/2 lines) and -Q in (only inbound pkts):

$ sudo tcpdump -c 10 -Q in -ne -l -i eth0 icmp and icmp[icmptype]=icmp-echo 2>/dev/null | \
  xargs -L2 sh -c 'echo -n "$9: "; ping -nqc1 $9 | grep rtt' 
192.168.100.132: rtt min/avg/max/mdev = 3.743/3.743/3.743/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 5.863/5.863/5.863/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 6.167/6.167/6.167/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 4.256/4.256/4.256/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 1.545/1.545/1.545/0.000 ms
$ _

Upvotes: 1

Related Questions