This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Prepending ‘/’ to the output of a tshark scan in BASH

0

Hi Folks,

I'm running this tshark scan + filter:

sudo tshark -I -i en1 -T fields -e wlan.sa_resolved -e wlan_mgt.ssid -e radiotap.dbm_antsignal type mgt subtype probe-req

and need to prepend each line with a '/', to get an output like this:

/Apple_9d:ex:xx eduroam -90

I've tried sed 's:^:/:' and also | awk '{print " / " $0}' but both of those stop the output of the scan from displaying (the packet counter appears instead). The only way I've got it to almost work is with sudo tshark -I -i en1 -T fields -e wlan.sa_resolved -e wlan_mgt.ssid -e radiotap.dbm_antsignal type mgt subtype probe-req > >(sed 's:^:/:'), but then you only see the output when you stop the command. Very frustrating.

I believe it's something to do with the probe request type filter, as when I remove that both sed & awk work, but then I'm getting lots of frames etc. that I don't need. Any thoughts would be greatly appreciated!

asked 13 Mar '15, 16:00

youcloudsofddom


One Answer:

1

How about using -l to make the output line buffered and -q to make it quiet about the packet count:

$ sudo tshark -I -l -q -i en1 -T fields -e wlan.sa_resolved -e wlan_mgt.ssid -e radiotap.dbm_antsignal "type mgt subtype probe-req" | sed -e 's:^:/:'
Capturing on 'AirPort'
/00:15:99:b3:ec:e1  ZiggoDBD4C  -76
/00:15:99:b3:ec:e1  ZiggoDBD4C  -76
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
/14:b4:84:7f:38:fe      -79
/14:b4:84:7f:38:fe      -80
/14:b4:84:7f:38:fe      -81
/14:b4:84:7f:38:fe      -79
/14:b4:84:7f:38:fe      -81
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
/00:15:99:b3:ec:e1  ZiggoDBD4C  -76
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
/00:15:99:b3:ec:e1  ZiggoDBD4C  -76
/00:15:99:b3:ec:e1  ZiggoDBD4C  -75
^C15 packets captured

answered 13 Mar '15, 16:21

SYN-bit ♦♦

That works perfectly, thank you!

(13 Mar '15, 16:39) youcloudsofddom
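
An added example, not part of the original question or answer: when the formatter is awk rather than sed and its own output goes on into another pipe or a log tailer, awk needs a per-line flush for the same reason tshark needs -l. The helper name prefix_probes, the "<wildcard>" label for an empty SSID, and the sample lines are assumptions made for this sketch.

```shell
# Added example: format `tshark -T fields` output (tab-separated columns:
# source address, SSID, signal in dBm) one line at a time.
# prefix_probes is a hypothetical helper name, not a tshark feature.
prefix_probes() {
    # -F '\t' keeps an empty SSID (a wildcard probe request) as its own
    # field, so the signal value never slides into the SSID column.
    awk -F '\t' '
        NF >= 3 {
            ssid = ($2 == "") ? "<wildcard>" : $2
            printf "/%s %s %s\n", $1, ssid, $3
            fflush()   # flush per line so the next pipe stage sees it at once
        }'
}

# Live use, with the capture command from the answer above:
#   sudo tshark -I -l -q -i en1 -T fields -e wlan.sa_resolved \
#       -e wlan_mgt.ssid -e radiotap.dbm_antsignal \
#       "type mgt subtype probe-req" | prefix_probes

# Constructed sample input in the same three-column layout.
sample_probes() {
    printf '02:00:00:00:00:01\tExampleNet\t-70\n'
    printf '02:00:00:00:00:02\t\t-79\n'
}

sample_probes | prefix_probes
```

Lines with fewer than three tab-separated fields, such as the "Capturing on" banner if stderr is merged into the pipe, are dropped rather than prefixed.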