2

I am trying to use dhcpdump to recognize people logging onto my home network and give them a tailor-made greeting using a credential file.

I cannot get the MAC address out of the results of dhcpdump. The machine I am running the script on is not the DHCP server.

dhcpdump results:

  TIME: 2015-09-02 22:42:48.909
    IP: 0.0.0.0 (xx:xx:xx:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6

The command I'm trying is:

dhcpdump -i eth0 | grep IP: | cut -d"(" -f2 | cut -d")" -f1

but it just won't work. Suggestions?

A.B.

2 Answers

0

Using grep (thanks to A.B. for the --line-buffered suggestion):

dhcpdump -i eth0 | grep --line-buffered -Po ' *IP: .*?\(\K[^)]*'
dhcpdump -i eth0 | grep --line-buffered -Po ' *IP: .*\(\K[^)]*' 

The first one will extract the first address, the second one will extract the last address.

grep command #1 breakdown:

  • *: matches any number of characters
  • IP:: matches an IP: string
  • .*?: matches any number of any character lazily
  • \(: matches a ( character
  • \K: discards the previous match
  • [^)]*: matches any number of any character not ) lazily

grep command #2 breakdown:

  • *: matches any number of characters
  • IP:: matches an IP: string
  • .*: matches any number of any character greedily
  • \(: matches a ( character
  • \K: discards the previous match
  • [^)]*: matches any number of any character not ) lazily

Sample output:

user@debian ~ % echo "IP: 0.0.0.0 (xx:xx:xx:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)" | grep -Po ' *IP: .*?\(\K[^)]*' 
xx:xx:xx:xx:xx:xx
user@debian ~ % echo "IP: 0.0.0.0 (xx:xx:xx:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)" | grep -Po ' *IP: .*\(\K[^)]*'
ff:ff:ff:ff:ff:ff
kos
0

If you need grep, you have to use the switch --line-buffered.

An easier way is mawk with the -W interactive option:

sudo dhcpdump -i eth0 | mawk -W interactive '/IP: / {gsub(/\(|\)/,"", $3); print $3}'

Sample output (you have to wait a few seconds):

64:31:50:30:ca:1e
40:61:86:7:ce:34
0:24:21:b1:6f:32
54:27:1e:19:7c:3b
0:23:7d:5f:4a:e8

A.B.
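
A shell loop covering both points raised in the answers, added here as an example and not taken from either answer: it reads dhcpdump output line by line, so no filter sits in the pipe holding back buffered output, and it zero-pads the octets that dhcpdump prints unpadded before looking the MAC up. The names file format (`MAC name` per line, MACs zero-padded) and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Names file format ("MAC name" per line) is an assumption.
# The MAC in a DHCP request is set by the client, so treat a match as a
# hint for a greeting, not as proof of which device is asking.

# dhcpdump prints octets unpadded ("0:24:21:b1:6f:32"): pad and lowercase.
normalize_mac() {
    printf '%s\n' "$1" | awk -F: 'NF == 6 {
        for (i = 1; i <= 6; i++) {
            o = tolower($i)
            if (o !~ /^[0-9a-f][0-9a-f]?$/) exit 1
            if (length(o) == 1) o = "0" o
            sep = (i > 1) ? ":" : ""
            out = out sep o
        }
        print out; ok = 1
    } END { exit (ok ? 0 : 1) }'
}

# Client MAC = first parenthesised field of a dhcpdump "IP:" line.
mac_from_ip_line() {
    l=${1#"${1%%[! ]*}"}                 # strip leading spaces
    case $l in IP:*\(*\)*) ;; *) return 1 ;; esac
    m=${l#*\(}; m=${m%%\)*}              # text between first "(" and ")"
    normalize_mac "$m"
}

# Print the name stored for a normalized MAC; fail if it is not listed.
lookup_name() {
    awk -v mac="$1" 'tolower($1) == mac { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit (found ? 0 : 1) }' "$2"
}

# Read dhcpdump output on stdin; $1 is the names file.
greet_stream() {
    while IFS= read -r line; do
        mac=$(mac_from_ip_line "$line") || continue
        if name=$(lookup_name "$mac" "$1"); then
            printf 'Hello, %s (%s)\n' "$name" "$mac"
        else
            printf 'Unknown device %s\n' "$mac"
        fi
    done
}

# Live use: sudo dhcpdump -i eth0 | greet_stream /path/to/names.txt
demo() {  # constructed sample run
    names=$(mktemp); echo '40:61:86:07:ce:34 Alice' > "$names"
    printf '%s\n' '    IP: 0.0.0.0 (40:61:86:7:ce:34) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)' | greet_stream "$names"; rm -f "$names"
}
```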