I want to grep a multiline pattern from tcpdump output like the following:

sudo tcpdump -A -s0 | grep -Pzo 'foo.*\n.*bar'

However, it does not seem to work, although it does work if I dump the data into a file and then grep the file. How can I make the command work when using a pipe?
    3 Answers
1
Try to add -l:

-l Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
    tcpdump -l | tee dat
or
    tcpdump -l > dat & tail -f dat
konsolebox
- Tried sudo tcpdump -A -s0 -l | grep -Pzo 'foo.*\n.*bar' – Weihong Aug 11 '14 at 02:48
- but it still does not work. I found the problem might be caused by the -z option of grep. When that is set, even sudo tcpdump -A -s0 | grep -Pzo foo will not work. – Weihong Aug 11 '14 at 04:01
- grep '' was not working for me. The -l switch cured it. – andrew pate Sep 22 '15 at 12:03
0
I still don't get why the grep above does not work even with the -l option for tcpdump, but I found this stackoverflow post: How to find patterns across multiple lines using grep?. So I tried pcregrep, and it worked:

sudo tcpdump -A -s0 | pcregrep -Mo "foo.*\n.*bar"
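An added example, not part of either answer above, that makes the behaviour behind the first answer's comments and the pcregrep workaround concrete. grep -z switches the record separator from newline to NUL; tcpdump -A output contains no NUL bytes, so grep sees the entire stream as one record and cannot print anything until the writer closes the pipe (EOF). A finished file has an EOF, a live capture does not, which is why the same pipeline works on a dumped file but stalls on the pipe, with or without tcpdump -l. The script shows the single-record effect with a record count, then uses a short awk program as a stream-friendly two-line matcher in place of pcregrep. The sample "capture" lines are constructed, not real tcpdump output, and the function names are my own:

```shell
#!/bin/sh
# Constructed sample input standing in for `tcpdump -A -s0 -l` output
# (not a real capture). The pattern of interest, like the question's
# 'foo.*\n.*bar', is "a line containing foo followed by a line containing bar".
SAMPLE='foo request 1
bar reply 1
foo request 2
unrelated line
bar reply 2
'

# With -z, grep splits the input into NUL-terminated records. The sample has
# no NUL bytes, so grep -c reports a single matching record: the whole input.
# On a live pipe that single record only ends at EOF, so nothing is printed
# until tcpdump exits.
records_with_z() {
    printf '%s' "$SAMPLE" | grep -zc foo
}

# Without -z, records are newline-terminated and each line is handled as it
# arrives; two lines contain "foo".
records_without_z() {
    printf '%s' "$SAMPLE" | grep -c foo
}

# Stream-friendly equivalent of 'foo.*\n.*bar': remember the previous line and
# emit the pair when a "bar" line directly follows a "foo" line. awk handles
# one line at a time, so this works on a live pipe; fflush() keeps awk's own
# stdout buffering from delaying the output when the reader is a pipe.
# Live usage (assumption, not tested here):
#   sudo tcpdump -A -s0 -l | match_foo_bar_stream
match_foo_bar_stream() {
    awk '
        /foo/ { prev = $0; next }
        prev != "" && /bar/ { print prev; print $0; fflush() }
        { prev = "" }
    '
}
```

The -l on tcpdump still matters for the awk variant: it makes tcpdump flush each line to the pipe promptly instead of in 4 KiB blocks. It cannot help grep -z, because that grep is waiting for a record terminator that never arrives, not for more data.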
0
I was having problems piping the output to tail even with the -l switch as well. I was able to solve my problem by using multitail instead of tail -F.

This worked for me:

multitail -l "tcpdump -li eth0"
Ron DeFulio