Skip to content

bash: how to send output to the console and through a pipe at the same time with tee

Posted by crox on
Let's say you want some output to be echoed to the console but also to be passed to a pipe. Specifically, in my case I wanted a message to be displayed to the user and also to be sent to syslog. You could of course just print it twice, but in some cases it's not possible, or it makes it more complicated than it should be.

There is a simple solution with tee: 
echo "a test" | tee >(logger)

  • Twitter
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg bash: how to send output to the console and through a pipe at the same time with tee
  • Mixx bash: how to send output to the console and through a pipe at the same time with tee
  • Bloglines bash: how to send output to the console and through a pipe at the same time with tee
  • Technorati bash: how to send output to the console and through a pipe at the same time with tee
  • Fark this: bash: how to send output to the console and through a pipe at the same time with tee
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at YahooMyWeb
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at Furl.net
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at reddit.com
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at blinklist.com
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at Spurl.net
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at NewsVine
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at Simpy.com
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee at blogmarks
  • Bookmark bash: how to send output to the console and through a pipe at the same time with tee with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Print this article!
  • E-mail this story to a friend!
  • Identi.ca

gulp - tcpdump alternative for lossless capture on Linux

Posted by crox on
tcpdump and wireshark are the tools that usually come to mind when you have to capture network traffic. But in some situations where you have to record a large amount of data and you want to avoid losing packets, tcpdump has some limitations. When I was hit myself by the tcpdump packet loss problem, I quickly found out that I was not alone and that a number of people had already researched the topic and/or provided alternatives.*

In particular, I found two different tools to perform the task: Corey Satten's gulp (http://corey.elsewhere.org/gulp/) and lindump from HP Labs (http://tesla.hpl.hp.com/opensource/)

I also found two interesting papers about capturing high volumes of traffic: http://www.usenix.org/events/fast09/tech/full_papers/anderson/anderson_html/ and http://docs.di.fc.ul.pt/jspui/bitstream/10455/3299/1/thesis-nhenriqu.pdf (the second quotes the first one among others, and also contains useful info to optimally spread the load among different cores)

After some tests I quickly became a happy gulp user, and thanks to the software being open source I was able to add features to it that I missed from the latest tcpdump versions:

-n - allows to change the default filename template
-t - allows to add a timestamp to the filename
-G - rotate pcap file every n seconds
-F - allows to skip the check for an ethernet interface
-Z - allows to specify a command to post-process each capture file

I've sent a patch to Corey Satten, who intends to setup a repository to hold the various contributions he gets for gulp. In the meanwhile, you can find my changes in the attached file (02-gulp-ntGFZ.patch.gz). For your convenience and for completeness, I also provide here the patch from Guy Harris that fixes issues on 64 bit systems (see http://seclists.org/wireshark/2009/Oct/105, apply that one first).

Updates:
2012-08-22: new version of my patch to fix the issue reported by SgtMalicious
2017-02-03: long-standing bug fixed

Downloads:
01-gulp-amd64.patch.gz: fix issues with 64-bit systems
02-gulp-ntGFZ.patch.gz: additional functionality as described above
gulp-1.58-crox.tgz: source with both patches applied

* other people have reported a performance drop with libpcap version 1.0 compared to previous builds, see http://thread.gmane.org/gmane.network.tcpdump.devel/4629 or http://seclists.org/tcpdump/2010/q3/index.html#11
  • Twitter
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg gulp - tcpdump alternative for lossless capture on Linux
  • Mixx gulp - tcpdump alternative for lossless capture on Linux
  • Bloglines gulp - tcpdump alternative for lossless capture on Linux
  • Technorati gulp - tcpdump alternative for lossless capture on Linux
  • Fark this: gulp - tcpdump alternative for lossless capture on Linux
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at YahooMyWeb
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at Furl.net
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at reddit.com
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at blinklist.com
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at Spurl.net
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at NewsVine
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at Simpy.com
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux at blogmarks
  • Bookmark gulp - tcpdump alternative for lossless capture on Linux with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Print this article!
  • E-mail this story to a friend!
  • Identi.ca

Linux: enable encrypted swap (Ubuntu / Debian)

Posted by crox on
1. create and enable a "regular" swap partition (fdisk / mkswap / swapon)

2. install ecryptfs-utils and run ecryptfs-setup-swap
sudo apt-get install ecryptfs-utils
sudo ecryptfs-setup-swap
  • Twitter
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Linux: enable encrypted swap (Ubuntu / Debian)
  • Mixx Linux: enable encrypted swap (Ubuntu / Debian)
  • Bloglines Linux: enable encrypted swap (Ubuntu / Debian)
  • Technorati Linux: enable encrypted swap (Ubuntu / Debian)
  • Fark this: Linux: enable encrypted swap (Ubuntu / Debian)
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at YahooMyWeb
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at Furl.net
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at reddit.com
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at blinklist.com
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at Spurl.net
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at NewsVine
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at Simpy.com
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) at blogmarks
  • Bookmark Linux: enable encrypted swap (Ubuntu / Debian) with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Print this article!
  • E-mail this story to a friend!
  • Identi.ca

Thunderbird - change default message forward mode from "inline" to "attached"

Posted by crox on
For years the default behaviour in Thunderbird had been to forward e-mails as attachments, but at some point it was changed to "inline". You can still manually choose how you'd like to transfer a message by going to "Message" -> "Forward as", but I couldn't find a way to set the default in the preferences.

There is, however, a way to change it without messing with manual edit of config files. Go to "Preferences" -> "Advanced" -> "Config Editor...", and look for "mail.forward_message_mode". 0 is for "attached", 2 is for "inline".
  • Twitter
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg Thunderbird - change default message forward mode from "inline" to "attached"
  • Mixx Thunderbird - change default message forward mode from "inline" to "attached"
  • Bloglines Thunderbird - change default message forward mode from "inline" to "attached"
  • Technorati Thunderbird - change default message forward mode from "inline" to "attached"
  • Fark this: Thunderbird - change default message forward mode from "inline" to "attached"
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at YahooMyWeb
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at Furl.net
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at reddit.com
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at blinklist.com
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at Spurl.net
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at NewsVine
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at Simpy.com
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" at blogmarks
  • Bookmark Thunderbird - change default message forward mode from "inline" to "attached" with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Print this article!
  • E-mail this story to a friend!
  • Identi.ca

hping - [send_icmp] Unsupported icmp type

Posted by crox on
When performing tests you may sometimes want to send specially crafted icmp packets. hping is a handy tool for that.

However, the default behavior is to refuse to send "unsupported" Type/Code combinations. eg
hping3 -c 1 --icmp -C 33 -K 0 192.168.70.1
HPING 192.168.70.1 (wlan0 192.168.70.10): icmp mode set, 28 headers + 0 data bytes
[send_icmp] Unsupported icmp type!

Fortunately, there is an (undocumented) --force-icmp option that you can add to bypass the check:
hping3 -c 1 --icmp --force-icmp -C 33 -K 0 192.168.70.1
HPING 192.168.70.1 (wlan0 192.168.70.10): icmp mode set, 28 headers + 0 data bytes

--- 192.168.70.1 hping statistic ---
1 packets transmitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms

  • Twitter
  • Bookmark hping - [send_icmp] Unsupported icmp type at del.icio.us
  • Facebook
  • Google Bookmarks
  • FriendFeed
  • Digg hping - [send_icmp] Unsupported icmp type
  • Mixx hping - [send_icmp] Unsupported icmp type
  • Bloglines hping - [send_icmp] Unsupported icmp type
  • Technorati hping - [send_icmp] Unsupported icmp type
  • Fark this: hping - [send_icmp] Unsupported icmp type
  • Bookmark hping - [send_icmp] Unsupported icmp type at YahooMyWeb
  • Bookmark hping - [send_icmp] Unsupported icmp type at Furl.net
  • Bookmark hping - [send_icmp] Unsupported icmp type at reddit.com
  • Bookmark hping - [send_icmp] Unsupported icmp type at blinklist.com
  • Bookmark hping - [send_icmp] Unsupported icmp type at Spurl.net
  • Bookmark hping - [send_icmp] Unsupported icmp type at NewsVine
  • Bookmark hping - [send_icmp] Unsupported icmp type at Simpy.com
  • Bookmark hping - [send_icmp] Unsupported icmp type at blogmarks
  • Bookmark hping - [send_icmp] Unsupported icmp type with wists
  • wong it!
  • Bookmark using any bookmark manager!
  • Stumble It!
  • Print this article!
  • E-mail this story to a friend!
  • Identi.ca