First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Tshark piping issue

  • retag add tags

hello guys, im currently in the middle of a cyber security course, and i have a little problem.

i was given a task to write a script with Tshark to sniff a live network- then i need to filter the MAC addresses, dump them to a .txt file, and then from that script to open a new terminal and use tail -f on that .txt file to see the last mac adresses that connected to the network... something like a live monitor. however, something is not working. here is my script: (im using Kali)

tshark -D

read -p " what is the desired interface for live capture? " a

touch sniffer.log

gnome-terminal -- tail -f sniffer.log

tshark -i $a -V -l | grep -i "mac" |cut -d':' -f2-5 | sort | uniq >> sniffer.log

anything i put after the grep command makes tshark show me a packet counter and nothing more.

can you please assist me?

thank you.

NetworkMiner's avatar
1
NetworkMiner
asked 2019-10-09 19:05:24 +0000, updated 2019-10-09 19:06:22 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

anything i put after the grep command makes tshark show me a packet counter and nothing more.

TShark itself won't show you anything on the terminal, because its output is being piped to grep.

sort, however, cannot write anything until it reads an EOF - it might be the very last line it reads from the standard input that sorts first in its output. So it won't write anything to the uniq command until the grep exits, and grep won't exit until it reads an EOF, and that won't happen until TShark exits.

Therefore, nothing will be written to sniffer.log until TShark exits, and therefore the tail -f won't print anything until TShark exits.

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-10-09 20:09:27 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer