grep with continuous pipe does not work

Question

(maybe it is the \"tcpflow\" problem)

I write a script to monitoring http traffic, and I install tcpflow, then grep

it works (a

Answer 1

I think the problem is because of stdio buffering, you need to use GNU stdbuf before calling grep,

sudo tcpflow -p -c -i eth0 port 80 2>/dev/null | stdbuf -o0 grep '^Host: '

With the -o0, it basically means the output (stdout) stream from tcpflow will be unbuffered. The default behavior will be to automatically buffer up data into 4096¹ byte chunks before sending to next command in pipeline, which is what overriden using stdbuf

---

_{1. Refer this nice detail into the subject.}

Answer 2

To grep a continuous stream use --line-buffered option:

sudo tcpflow -p -c -i eth0 port 80 2> /dev/null | grep --line-buffered '^Host'

--line-buffered

Use line buffering on output. This can cause a performance penalty.

---

Some reflections about buffered outputting(stdbuf tool is also mentioned):

Pipes, how do data flow in a pipeline?