Bash脚本将仅替换第一行

Question

I want to extract the timestamp of the packets using tcpdump and put it into a file, in such a way that the latest timestamp replaces the first line (which either is empty or contains the the timestamp of the second-last packet). Its necessary that the file should only have a 1 line entry ie. the timestamp of the latest packet.

This is what I did:

sudo tcpdump -i eth0 -l | cut -d . -f1 >  test.txt

cat test.txt
16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

But what I want is only the latest timestamp:

cat test.txt
16:08:05

Any Ideas?

Answer 1

From what I've tested, it looks like your script will run forever and you may need to see the last packet in another process, isn't it?

$ cat test.txt

16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

If you only want the latest packet (ie the last line), please try

$ tail -1 test.txt

16:08:05

if you want to see the latest packet together with the rest, please try

$ tail -1 test.txt > tmp_out; cat test.txt >> tmp_out; cat tmp_out

16:08:05
16:08:04
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05
16:08:05

Answer 2

Using awk you can do:

sudo tcpdump -i en0 -l -c 5 2>/dev/null | awk -F'\\.' '$1~/^[012][0-9]:/{p=$1} 
   END{print p > "output"}'

cat output
08:27:51

This will get max timestamp and store it in file called output .