Is it possible to run tshark in the same way that you would run 'top' (or any curses-based refreshing status ?) Let's say I am looking at signal strength of a local GSM tower with: tshark -Y '!icmp && gsmtap' -i lo -t ad -T fields -e gsmtap.signal_dbm I will see a continuously scrolling output of numbers, just scrolling up the terminal. That's what I expect. Is it possible to instruct tshark to refresh a single line of output with that number, updating the number as it changes, but not scrolling ... basically like 'top' ? If not, are there other tools that would provide this with tshark input ? asked 08 Dec '15, 10:19  wshuser |
2 Answers:
If you can get tshark to output a single result and exit, you could use the "watch" utility to accomplish this. "watch [-n <refresh seconds>] <command>" is the syntax. <command> may need quoted. Starting point: answered 08 Dec '15, 11:25  Hextreme edited 08 Dec '15, 12:15  sindy |
I wrote a perl script to do this once. Basically it just ran in a loop by calling tshark with the "-a duration:{seconds}" option on the "-T fields" output, then it would clear the screen and execute "print" statements to push a top-like display to the user plus the tshark output that had just been captured. In my case I used the "-z io,stat" output because I wanted to print the averages of various counters within a given time period. As a very short script I didn't think to save it, but it worked nicely for the job. answered 08 Dec '15, 20:29  Quadratic |
