I am working on a bash script that captures beacon frame packets (without bad fcs) and outputs them in a preferred format, but I am having a problem redirecting the output to a file.
This is my command line when I am redirecting to a file called temp:
tcpdump -I -i mon0 -vv 2>/dev/null|awk -F ',| ' 'BEGIN{printf "%-10s %-25s%-10s\n","OPTION NO.","ESSID(Beacon Frames)","CHANNEL NO."};$0~/Beacon/{for(i=1;i<=NF;++i){if(($i~/^\([^^]+\)$/) && !($i in arr) && ($0~/CH:/) && !($0~/tsft bad-fcs/)){NR=++c;arr[$i]=1;gsub(/\(|\)/,"",$i);printf("%-10s %-25s",NR,$i);for(x=1;x<=NF;++x){if($x~/^CH:/){print $x " "$(x+1) "\tHit Ctrl+C to stop scan"}}}}}' >> temp
The command line above works fine in a terminal when I am not redirecting to a file (the output is shown). When I redirect to a file, the file exists but contains no output.
I tried the following:
1. Piping the command line output to tee -a temp (to output to stdout and file), for example:
tcpdump -I -i mon0 -vv 2>/dev/null|awk -F ',| ' 'BEGIN{printf "%-10s %-25s%-10s\n","OPTION NO.","ESSID(Beacon Frames)","CHANNEL NO."};$0~/Beacon/{for(i=1;i<=NF;++i){if(($i~/^\([^^]+\)$/) && !($i in arr) && ($0~/CH:/) && !($0~/tsft bad-fcs/)){NR=++c;arr[$i]=1;gsub(/\(|\)/,"",$i);printf("%-10s %-25s",NR,$i);for(x=1;x<=NF;++x){if($x~/^CH:/){print $x " "$(x+1) "\tHit Ctrl+C to stop scan"}}}}}'|tee -a temp
I tried
exec > temp
command line above
Can this be a buffering issue since packet capturing is rapid?
How can the results of the above command line be redirected to a file?
Note: mon0 in the command line represents the monitor interface I started on my wireless adapter using airmon-ng.
Edit: the breakdown of the code is as follows:
BEGIN {
    FS=",| "
    printf "%-10s %-25s%-10s\n","OPTION NO.","ESSID(Beacon Frames)","CHANNEL NO."
}
$0~/Beacon/ {
    for(i=1;i<=NF;++i) {
        if(($i~/^\([^^]+\)$/) && !($i in arr) && ($0~/CH:/) && !($0~/tsft bad-fcs/)) {
            NR=++c
            arr[$i]=1
            gsub(/\(|\)/,"",$i)
            printf("%-10s %-25s",NR,$i)
            for(x=1;x<=NF;++x) {
                if($x~/^CH:/) {
                    print $x " "$(x+1) "\tHit Ctrl+C to stop scan"
                }
            }
        }
    }
}
As I mentioned, the code works fine; it is just the redirection issue. Do offer improvements to the code if needed.
After a bit of reading on awk and gawk, I came across a very interesting topic on buffering behaviour in one of my texts. This solved my problem. I changed the buffering behaviour of awk using the following:
fflush("") ==> gawk and newer versions of awk
or
system("")==> older versions of awk
This forces awk to flush its output immediately for every input line.
I tried each of the aforementioned functions in my command line and my output was immediately redirected to my file temp.
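The buffering behaviour described above, as an added example that is not part of the original post: the filter prints each ESSID only once, so awk emits a few short lines that stay in its stdout buffer for as long as the capture keeps running. The input lines are constructed stand-ins for tcpdump output, the awk program is a simplified form of the one in the post, and `fake_capture`, `essid_filter` and `lines_mid_and_final` are hypothetical names.

```shell
# Added example: constructed input lines, hypothetical function names.

# Stand-in for a live capture: 300 beacon-style lines, then the pipe stays
# open for 2 s, as it would while tcpdump keeps running.
fake_capture() {
    i=0
    while [ "$i" -lt 100 ]; do
        printf 'signal Beacon (HomeNet) [1.0* Mbit] ESS CH: 1, PRIVACY\n'
        printf 'signal Beacon (CoffeeShop) [1.0* Mbit] ESS CH: 6\n'
        printf 'signal Beacon (Lab-5G) [6.0* Mbit] ESS CH: 36, PRIVACY\n'
        i=$((i + 1))
    done
    sleep 2
}

# Simplified form of the post's filter: print each ESSID once with its channel.
# $1 = 1 calls fflush() after each new ESSID, $1 = 0 keeps default buffering.
essid_filter() {
    awk -F ',| ' -v flush="$1" '
    /Beacon/ && /CH:/ && !/bad-fcs/ {
        for (i = 1; i <= NF; i++) {
            if (($i ~ /^\(.+\)$/) && !($i in seen)) {
                seen[$i] = 1
                essid = $i
                gsub(/[()]/, "", essid)
                for (x = 1; x < NF; x++)
                    if ($x ~ /^CH:/)
                        printf "%-3d %-20s CH: %s\n", ++n, essid, $(x + 1)
                if (flush) fflush()
            }
        }
    }'
}

# Redirect the pipeline to a file; echo "<lines mid-capture> <lines at exit>".
lines_mid_and_final() {
    out=$(mktemp)
    fake_capture | essid_filter "$1" >> "$out" &
    sleep 1                          # capture is still running at this point
    mid=$(( $(wc -l < "$out") ))
    wait                             # capture ends; awk flushes when it exits
    final=$(( $(wc -l < "$out") ))
    rm -f "$out"
    echo "$mid $final"
}

NOFLUSH=$(lines_mid_and_final 0)     # "0 3": file empty until awk exits
FLUSHED=$(lines_mid_and_final 1)     # "3 3": lines reach the file at once
echo "without fflush: $NOFLUSH   with fflush: $FLUSHED"
```

On a live capture, tcpdump's own stdout is also block-buffered when it feeds a pipe; its `-l` option makes it line-buffered.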