Hello,
I'm pretty stumped, and I don't know why I am not able to redirect the output to the 'graphme' file with the command below in Fedora 18.
tcpdump -l -n -t "tcp[13] == 18" | perl -ane '($s,$j)=split(/,/,$F[7],2); print "$s\n";' > graphme
In case you're wondering, I was following the example from the Graphing Initial Sequence Numbers section in Linux Administration: A Beginner's Guide 5th Edition with a little modification as I only wanted to get the first syn value from the tcpdump output.
I'm currently using tcpdump version 4.3, and perl version 5.16.2. I don't know if the version makes a difference here. I would appreciate an explanation why I couldn't redirect the output to the file but was able to redirect it to another tty or current terminal using '> /dev/tty2'.
Thanks in advance for your help.
EDIT: Since there is no response, I thought this may help those who may be afraid to execute the above command, which is pretty harmless since I was only capturing packets. This is the output from the `tcpdump -l -n -t "tcp[13] == 18"' command:
IP 50.22.206.133.http > 10.0.2.109.44777: Flags [S.], seq 3029681720, ack 19750303, win 11584, options [mss 1460,sackOK,TS val 3311545446 ecr 3361031,nop,wscale 9], length 0
IP 199.38.164.156.http > 10.0.2.109.33959: Flags [S.], seq 4217910485, ack 777386666, win 4380, options [mss 1460,nop,wscale 0,nop,nop,TS val 3690041151 ecr 3361175,sackOK,eol], length 0
IP 74.125.226.249.http > 10.0.2.109.45763: Flags [S.], seq 2645889525, ack 79909840, win 62392, options [mss 1430,sackOK,TS val 1192032006 ecr 3361277,nop,wscale 6], length 0
When I piped it to perl, I expected to extract the following output from the above command:
3029681720
4217910485
2645889525