TechQA.

Bash broken pipe with tcpdump

3.8k views Asked by At

I use the following command to send pinging IP's to a script:

sudo tcpdump -ne -l -i eth0 icmp and icmp[icmptype]=icmp-echo \
  | cut -d " " -f 10 | xargs -L2 ./pong.sh

Unfortunately this gives me:

tcpdump: Unable to write output: Broken pipe

To dissect my commands:

  • Output the ping's from the traffic:

    sudo tcpdump -ne -l -i eth0 icmp and icmp[icmptype]=icmp-echo

    Output:

    11:55:58.812177 IP xxxxxxx > 127.0.0.1: ICMP echo request, id 50776, seq 761, length 64

  • This will get the IP's from the tcpdump output:

    cut -d " " -f 10 # output: 127.0.0.1

  • Get the output to the script:

    xargs -L2 ./pong.sh

    This will mimic the following example command:

    ./pong.sh 127.0.0.1

The strange thing is that the commands work seperate (on their own)...

I tried debugging it but I have no experience with debugging pipes. I checked the commands but they seem fine.

bash shell xargs tcpdump piping
Original Q&A
2

There are 2 answers

1
jjo On

It would seem that's cut stdio buffering is interfering here, i.e. replace | xargs ... by | cat in your cmdline to find out.

Fwiw below cmdline wfm (pipe straight to xargs then use the shell itself to get the nth arg), note btw the extra tcpdump args : -c10 (just to limit to 10pkts, then show the 10/2 lines) and -Q in (only inbound pkts):

$ sudo tcpdump -c 10 -Q in -ne -l -i eth0 icmp and icmp[icmptype]=icmp-echo 2>/dev/null | \
  xargs -L2 sh -c 'echo -n "$9: "; ping -nqc1 $9 | grep rtt' 
192.168.100.132: rtt min/avg/max/mdev = 3.743/3.743/3.743/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 5.863/5.863/5.863/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 6.167/6.167/6.167/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 4.256/4.256/4.256/0.000 ms
192.168.100.132: rtt min/avg/max/mdev = 1.545/1.545/1.545/0.000 ms
$ _
0
Smiling.Demon On

For those coming across this (like me), tcpdump buffering is the issue. From the man page:

 -l        Make stdout line buffered.  Useful if you want to see the data
           while capturing it.  For example:

                 # tcpdump -l | tee dat
           or
                 # tcpdump -l > dat & tail -f dat

Related Questions in BASH

Related Questions in SHELL

Related Questions in XARGS

Related Questions in TCPDUMP

Related Questions in PIPING

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions