Re: reverse grep
On 11/4/07, Gary Kline [EMAIL PROTECTED] wrote:
> On Sun, Nov 04, 2007 at 01:12:45AM +0100, [EMAIL PROTECTED] wrote:
> > How is it possible to select lines that do NOT match a specific pattern?
> >
> > For example, I'm connecting to 192.168.123.254 via telnet (port 23), and
> > do tcpdump -nli rl0. This is cyclic traffic, because when tcpdump outputs
> > something, the system sends me some packets, which generates output in
> > tcpdump, and vice versa. I want to filter out packets of telnet access to
> > the FreeBSD machine, that is, something like:
> >
> > tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23
>
> % tcpdump -nli rl0 | grep -v 192.168.123.254.23
>
> will print everything except the IP you have shown.

Actually, a better way to do it would be:

% tcpdump -nli rl0 'not (host 192.168.123.254 and port 22)'

Will prevent tcpdump from capturing your own SSH traffic.

grep -v is only a partial solution; if a switch such as '-X' (or '-x' on some platforms) is added, grep -v will snip only the matching line, leaving all the other lines that don't match through, which will generate traffic, get captured, and loop as previously, as well as making the output look very nonsensical.

'man tcpdump' will be a better read in this case than man grep, although the question was perhaps worded poorly, leading to responses on grep.

Regards,
Chris.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
reverse grep
How is it possible to select lines that do NOT match a specific pattern?

For example, I'm connecting to 192.168.123.254 via telnet (port 23), and do tcpdump -nli rl0. This is cyclic traffic, because when tcpdump outputs something, the system sends me some packets, which generates output in tcpdump, and vice versa. I want to filter out packets of telnet access to the FreeBSD machine, that is, something like:

tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23
Re: reverse grep
On Sun, Nov 04, 2007 at 01:12:45AM +0100, [EMAIL PROTECTED] wrote:
> How is it possible to select lines that do NOT match a specific pattern?

By using the '-v' option to grep.

> For example, I'm connecting to 192.168.123.254 via telnet (port 23), and
> do tcpdump -nli rl0. This is cyclic traffic, because when tcpdump outputs
> something, the system sends me some packets, which generates output in
> tcpdump, and vice versa. I want to filter out packets of telnet access to
> the FreeBSD machine, that is, something like:
>
> tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23

You can also tell tcpdump directly to not generate certain output. E.g. 'tcpdump -nli rl0 not port 23' will not display any traffic to/from port 23.

Read the tcpdump(1) manpage for the details - many more options are available.

--
Insert your favourite quote here.
Erik Trulsson [EMAIL PROTECTED]
Re: reverse grep
On 2007-11-04 01:12, [EMAIL PROTECTED] wrote:
> How is it possible to select lines that do NOT match a specific pattern?

grep -v 'pattern'
reverse grep
[EMAIL PROTECTED] writes:
> How is it possible to select lines that do NOT match a specific pattern?

Read any good man pages lately?

Robert Huff
Re: reverse grep
On 11/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> How is it possible to select lines that do NOT match a specific pattern?
>
> For example, I'm connecting to 192.168.123.254 via telnet (port 23), and
> do tcpdump -nli rl0. This is cyclic traffic, because when tcpdump outputs
> something, the system sends me some packets, which generates output in
> tcpdump, and vice versa. I want to filter out packets of telnet access to
> the FreeBSD machine, that is, something like:
>
> tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23

grep -v

man grep
Re: reverse grep
On Sunday 04 November 2007 00:12:45 [EMAIL PROTECTED] wrote:
> How is it possible to select lines that do NOT match a specific pattern?

grep -v
Re: reverse grep
On Sun, Nov 04, 2007 at 01:12:45AM +0100, [EMAIL PROTECTED] wrote:
> How is it possible to select lines that do NOT match a specific pattern?
>
> For example, I'm connecting to 192.168.123.254 via telnet (port 23), and
> do tcpdump -nli rl0. This is cyclic traffic, because when tcpdump outputs
> something, the system sends me some packets, which generates output in
> tcpdump, and vice versa. I want to filter out packets of telnet access to
> the FreeBSD machine, that is, something like:
>
> tcpdump -nli rl0 | grep --non-matching-lines 192.168.123.254.23

% tcpdump -nli rl0 | grep -v 192.168.123.254.23

will print everything except the IP you have shown.

--
Gary Kline [EMAIL PROTECTED] www.thought.org Public Service Unix
http://jottings.thought.org http://transfinite.thought.org
Re: reverse grep
Hello deeptech71,

Sunday, November 4, 2007, 1:12:45 AM, you wrote:
> How is it possible to select lines that do NOT match a specific pattern?

grep -v ; next time please try man grep

--
Best regards,
Daniel mailto:[EMAIL PROTECTED]
Re: reverse grep
heh I've read (kind of skimmed) the grep man page but I seem to have missed the -v for some reason ^^
Re: reverse grep
On Nov 3, 2007, at 19:35, [EMAIL PROTECTED] wrote:
> heh I've read (kind of skimmed) the grep man page but I seem to have
> missed the -v for some reason ^^

The use of grep -v will work as long as the tcpdump output is limited to one line per packet. However, some of the tcpdump options produce multiple lines per packet. Those will appear to be jumbled as the initial line for the packet will not be included but the following lines will.

The best approach to using tcpdump in these situations is to use the -w option to write the raw data to a file. Then use the -r to read it back in and filter using the tcpdump filters which do include the not function. That way if you don't get what you need, you can try again on the same data.
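
The multi-line failure mode described in the replies above, as an added example that is not part of the original thread: grep -v run over constructed tcpdump -X style text, next to a record-aware awk filter that drops a packet's header together with its hex-dump lines. The sample packets, the function names and the file name capture.pcap are assumptions made for illustration.

```sh
#!/bin/sh
# Constructed sample of `tcpdump -n -X` text output: each packet is a header
# line followed by indented hex-dump lines. Addresses follow the thread;
# timestamps and payload bytes are made up.
sample_dump() {
cat <<'EOF'
01:12:45.000001 IP 192.168.123.1.1025 > 192.168.123.254.23: Flags [P.], length 2
        0x0000:  4500 002a 0001 4000 4006 0000 c0a8 7b01  E..*..@.@.....{.
        0x0010:  c0a8 7bfe 0401 0017 6c73                 ..{.....ls
01:12:45.000002 IP 192.168.123.7.53124 > 192.168.123.9.80: Flags [S], length 0
        0x0000:  4500 0028 0002 4000 4006 0000 c0a8 7b07  E..(..@.@.....{.
        0x0010:  c0a8 7b09 cf84 0050                      ..{....P
EOF
}

# Line-based filter from the thread (-F added so the dots match literally).
# It removes only the header line; the packet's hex dump stays in the output.
naive_filter() {
    grep -v -F -- "$1"
}

# Record-aware filter: a line starting in column 0 opens a new packet, and the
# keep/drop decision made there also covers the indented lines that follow.
record_filter() {
    awk -v pat="$1" '
        /^[^ \t]/ { drop = (index($0, pat) > 0) }
        !drop
    '
}

count_lines() { wc -l | tr -d ' '; }

PAT=192.168.123.254.23
echo "grep -v keeps $(sample_dump | naive_filter "$PAT" | count_lines) lines:"
sample_dump | naive_filter "$PAT"
echo "record filter keeps $(sample_dump | record_filter "$PAT" | count_lines) lines:"
sample_dump | record_filter "$PAT"

# Capture-level route from the thread (needs a live interface, not run here;
# capture.pcap is an assumed file name):
#   tcpdump -ni rl0 -w capture.pcap
#   tcpdump -nr capture.pcap 'not port 23'
```
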