1

I want to extract the timestamp of the packets using tcpdump and put it into a file, in such a way that the latest timestamp replaces the first line (which either is empty or contains the timestamp of the second-last packet). It's necessary that the file should only have a 1-line entry, i.e. the timestamp of the latest packet.

This is what I did:

sudo tcpdump -i eth0 -l | cut -d . -f1 >  test.txt

cat test.txt
16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

But what I want is only the latest timestamp:

cat test.txt
16:08:05

Any ideas?

2 Answers

2

From what I've tested, it looks like your script will run forever and you may need to see the last packet in another process, isn't it?

$ cat test.txt

16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

If you only want the latest packet (i.e. the last line), please try

$ tail -1 test.txt

16:08:05

If you want to see the latest packet together with the rest, please try

$ tail -1 test.txt > tmp_out; cat test.txt >> tmp_out; cat tmp_out

16:08:05
16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

2 Comments

Not what I'm looking for. I'm piping the output of tcpdump to the file, but I only want it to replace the first line with the latest timestamp (this is because I have space constraints).
replace the first line - that's not what your question asks for. Please update your post.
0

Using awk you can do:

sudo tcpdump -i en0 -l -c 5 2>/dev/null | awk -F'\\.' '$1~/^[012][0-9]:/{p=$1} 
   END{print p > "output"}'

cat output
08:27:51

This will get the max timestamp and store it in a file called output.
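
For a capture that keeps running, the file has to be rewritten while tcpdump is still producing output rather than once at the end. The following is an added example, not code from the question or from either answer: `latest_ts_to_file` and `sample_capture` are hypothetical helper names, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: keep only the newest packet timestamp in a one-line file.
# latest_ts_to_file and sample_capture are hypothetical helper names.
#
# Usage with a live capture:
#   sudo tcpdump -i eth0 -l 2>/dev/null | latest_ts_to_file test.txt

latest_ts_to_file() {
    out=$1
    tmp="$out.tmp.$$"
    last=
    while IFS= read -r line; do
        # Default tcpdump lines start with HH:MM:SS.ffffff; cut at the
        # first dot, like `cut -d . -f1` in the question.
        ts=${line%%.*}
        case $ts in
            [0-2][0-9]:[0-5][0-9]:[0-5][0-9]) ;;
            *) continue ;;              # not a packet line, skip it
        esac
        # Resolution is one second, so write at most once per second
        # even when many packets arrive.
        [ "$ts" = "$last" ] && continue
        last=$ts
        # Write a temp file and rename it over the target, so the file
        # always holds exactly one complete line and never grows.
        printf '%s\n' "$ts" > "$tmp" && mv -f "$tmp" "$out"
    done
    rm -f "$tmp"
}

# Constructed sample input in tcpdump's default output format, including
# a hex-dump continuation line that must be ignored.
sample_capture() {
    cat <<'EOF'
16:08:04.123456 IP 192.0.2.10.22 > 192.0.2.20.51514: Flags [P.], length 36
        0x0000:  4500 0028 0000 4000
16:08:05.000321 IP 192.0.2.20.51514 > 192.0.2.10.22: Flags [.], length 0
16:08:05.654321 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}
```

Because the target is replaced by a rename, another process reading `test.txt` sees either the previous timestamp or the new one, never an empty file.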
