I think what I want to do is very easy, but I can not find a way to do that:
If I put this command:
[root@:Active] tmp # tcpdump -i any -s 65535 host 192.168.1.110 and port 1645 or port 1813 -v
-X | grep -o 'Start'
Start
Start
...
...
...
Start
Start
10047 packets captured
10046 packets received by filter
0 packets dropped by kernel
I got a lot of Start coincidence, but I only want to count how many "Start" is actually showing in the shell (meanwhile the tcpdump command is running).
I try adding wc -l:
[root@:Active] tmp # tcpdump -i any -s 65535 host 192.168.1.110 and port 1645 or port 1813 -v
-X | grep -o 'Start' | wc -l
tcpdump: listening on any, link-type EN10MB (Ethernet), capture size 65535 bytes
But still nothing, I don't want to save a file with the output of tcpdump and then count, just count the output lines that already is showing, in real time.
Also I try some combination with xargs, but still fail counting. I think "wc -l" "grep -c" and similar commands needs a file to point and count, but I don't know where in the memory the output from tcpdump is storage.
If you have any clever ideas will be appreciate it :D.
I still think that I'm missing some silly things, the lines already are showing in the shell, I just need to count how many are they, without saving any file or stopping the tcpdump.
Meanwhile I will keep trying, some friend told me with AWK language I can do this.
Greetings to all.
Best Answer
You seem to want the count instead of the 'Start' output.
Display count instead:
Display count and line:
Display count on the same line: