Formatting TShark payload output with timestamp

Currently I'm outputting the ASCII payload of tshark filtered packets:

tshark -i ens224 -l -T fields -e data host 192.168.1.123 and dst port 3423 | xargs -n1 -I{} echo "{}0d0a" | xxd -r -p -

where xxd is being used to convert the hex data in the data field to ASCII.

tshark
-i interface name
-f host filter for local broadcast
-l flush stdout after each packet
-T fields output fields specified by -e
-e data tshark will only output undissected data in packets

xargs
-n1 trigger on one received cmd line arg
-i{} use {} for substitution in echo command
"{}0d0a" add crlf to hex string data from packet to flush stdout in xxd
echo use echo to aggregate hex data with crlf and pipe to xxd

xxd
-r reverse hex to ascii
-p plain text output
- take input from stdin

The output looks something like:

1 Data in packet
7 Data in another packet

I'd like to prepend that with the capture time.

1 15:20:32 Data in packet
7 15:23:01 Data in another packet

How do I do that?
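
One way to get the layout asked for above, as an added example that is not part of the original post: have tshark emit a timestamp field next to the data field and decode both in one filter. Assumptions: the extra field is frame.time_epoch and prints as seconds.fraction, fields are tab-separated, times are shown in UTC, and the function names hex_to_text and format_capture are hypothetical. Non-printable bytes are shown as "." so captured payloads cannot send control sequences to the terminal.

```shell
#!/bin/sh
# Added example, not from the original post. Input: one packet per line as
# "<epoch seconds>.<fraction><TAB><hex payload>" (assumed tshark field output).

# hex_to_text HEX: decode hex to text; any byte outside printable ASCII
# (control bytes, ESC, CR/LF) is shown as "." so payloads cannot drive the terminal.
hex_to_text() {
    hex=$1
    out=
    while [ -n "$hex" ]; do
        rest=${hex#??}
        if [ "$rest" = "$hex" ]; then rest=; fi   # lone trailing nibble
        byte=${hex%"$rest"}
        hex=$rest
        case $byte in
            [0-9A-Fa-f][0-9A-Fa-f]) code=$((0x$byte)) ;;
            *) code=0 ;;                          # malformed input
        esac
        if [ "$code" -ge 32 ] && [ "$code" -le 126 ]; then
            out=$out$(printf "\\$(printf '%03o' "$code")")
        else
            out=$out.
        fi
    done
    printf '%s\n' "$out"
}

# format_capture: prefix each decoded payload with its capture time (UTC).
format_capture() {
    tab=$(printf '\t')
    while IFS=$tab read -r epoch hex; do
        [ -n "$hex" ] || continue                 # packet without a data field
        secs=${epoch%%.*}
        case $secs in ''|*[!0-9]*) continue ;; esac
        printf '%02d:%02d:%02d %s\n' \
            $(( secs % 86400 / 3600 )) $(( secs % 3600 / 60 )) $(( secs % 60 )) \
            "$(hex_to_text "$hex")"
    done
}

# Constructed sample input standing in for live capture output.
printf '1700061632.500000000\t4461746120696e207061636b6574\n' | format_capture

# Live use (assumption: same capture filter as the post, timestamp field added):
# tshark -i ens224 -l -T fields -e frame.time_epoch -e data \
#     host 192.168.1.123 and dst port 3423 | format_capture
```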
