I want to log some specific HTTP requests that have a keyword, that are coming to a specific port. tcpflow works fine, but I can't write filtered results to an output file.

I don't understand why this command works flawlessly ('detect' is a keyword I am looking for) and shows only lines that I need.

tcpflow -p -c -i eth0 port 80 | grep detect 

Meanwhile, at the same time, this doesn't work at all. The log.txt file is empty...

tcpflow -p -c -i eth0 port 80 | grep detect  > log.txt 

I suppose it has something to do with binary output?

Because this way it works, but it results in a huge file (I don't need so much data):

tcpflow -p -c -i eth0 port 80 > log.txt
grep --text detect log.txt

And it only works with the --text attribute (without it, it says something about binary file format), and after several days the file can become really large.

    Does it work with grep --line-buffered? Commented Feb 21, 2020 at 12:58

1 Answer

Thanks to Arkadiusz Drabczyk's comment. It works with a demo like this:

sudo tcpflow -i eth0 port 8080 -c | grep -A 50 "detect" --line-buffered  > /tmp/tcpflow.log
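
Why the redirected log stays empty, reproduced without tcpflow or root (an added example, not part of the original answer): when grep's stdout is a file instead of a terminal, it buffers output in blocks, so matches reach the file only when the buffer fills or the pipeline ends. `fake_capture` is a constructed stand-in for tcpflow, and both function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed stand-in for tcpflow: a slow stream where only some lines match.
fake_capture() {
    for i in 1 2 3 4 5; do
        printf 'GET /page%d?q=detect HTTP/1.1\n' "$i"   # matches "detect"
        printf 'Host: example.test\n'                    # filtered out by grep
        sleep 0.2
    done
}

# Run "fake_capture | grep [options] detect > log" in the background and count
# the lines in the log while the capture is still running, then after it ends.
# Prints "<lines mid-run> <lines at exit>". Arguments are extra grep options.
lines_logged() {
    log=$(mktemp)
    fake_capture | grep "$@" detect > "$log" &
    sleep 0.5                         # producer is still running (about 1 s total)
    mid=$(( $(wc -l < "$log") ))
    wait                              # pipeline ends, grep flushes on exit
    final=$(( $(wc -l < "$log") ))
    rm -f "$log"
    echo "$mid $final"
}

echo "plain grep:           $(lines_logged)"
echo "grep --line-buffered: $(lines_logged --line-buffered)"
```

With plain grep the mid-run count is 0 even though matching lines have already passed through the pipe; on a long-running capture that is the "empty log.txt" from the question.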
