1 year ago

#322168


Gambanishu Habbeba

tshark and awk outputs in 32 line quantums

I'm running tshark to capture stuff, then piping the output into awk to process it a bit. When I run the tshark command without the awk, I see the output in the terminal as it happens. When I pipe it into awk (I'm using -l on tshark), actually here it is:

    tshark -i wlan1 -l subtype probereq | awk -f ./blah.awk

I see the counter go up as packages come in, but nothing happens. When it reaches 32, suddenly the first 32 lines appear, then nothing happens again. Can we get rid of this strange behaviour?

Ok, so tshark sample output after a few sec:

Running as user "root" and group "root". This could be dangerous.
Capturing on 'wlan1'
    1 0.000000000 0c:08:b4:07:1c:41 → ff:ff:ff:ff:ff:ff 802.11 288 Probe Request, SN=100, FN=0, Flags=........, SSID=gigacube-E7CA
    2 9.709432337 0c:08:b4:07:1c:41 → ff:ff:ff:ff:ff:ff 802.11 288 Probe Request, SN=117, FN=0, Flags=........, SSID=gigacube-E7CA
    3 9.969377335 0c:08:b4:07:1c:41 → ff:ff:ff:ff:ff:ff 802.11 288 Probe Request, SN=119, FN=0, Flags=........, SSID=gigacube-E7CA

awk file:

BEGIN {
        OFS = ",";
}
{
        print $3, substr($13, 6);
}

The output of the awk script on the output of the tshark command if I first send the tshark output into a file:

0c:08:b4:07:1c:41,gigacube-E7CA
0c:08:b4:07:1c:41,gigacube-E7CA
0c:08:b4:07:1c:41,gigacube-E7CA
66:3c:76:d8:29:b2,Wildcard
66:3c:76:d8:29:b2,Wildcard
66:3c:76:d8:29:b2,Wildcard
66:3c:76:d8:29:b2,Wildcard

... as expected.

But tshark -i wlan1 -l -n subtype probereq | awk -f ./blah.awk only outputs the counter for like a minute - until it reaches about 32, then outputs about 30 lines together. I'd like 2 things:

  • no counter
  • continuous output, as it comes out of tshark

linux

awk

tshark
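
An added example, not part of the original post, for the pipeline in the question: the post's awk program wrapped so that each record is read and written as it arrives. It assumes the system awk may be mawk (which reads piped input in blocks unless started with -W interactive) and that tshark writes its packet counter to stderr; probe_csv, sample_lines and AWK_FLAGS are names chosen here.

```shell
#!/bin/sh
# Added example, not part of the original post.

# mawk reads piped input in blocks unless started with -W interactive;
# other awks do not take that option, so add it only when awk is mawk.
AWK_FLAGS=""
case "$(awk -W version 2>/dev/null </dev/null | head -n 1)" in
    mawk*) AWK_FLAGS="-W interactive" ;;
esac

# probe_csv: tshark one-line summaries on stdin -> "source MAC,SSID" on stdout.
probe_csv() {
    # $AWK_FLAGS is left unquoted on purpose so it splits into two words.
    awk $AWK_FLAGS '
        BEGIN { OFS = "," }
        # Field 13 is "SSID=<name>" in the summary lines shown in the post;
        # anything else (banner text, other frame types) is skipped.
        $13 ~ /^SSID=/ {
            print $3, substr($13, 6)
            fflush()   # emit each record now, even if stdout is a pipe or file
        }
    '
}

# Constructed sample input in the format of the post's tshark output.
sample_lines() {
    cat <<'EOF'
Capturing on 'wlan1'
    1 0.000000000 0c:08:b4:07:1c:41 → ff:ff:ff:ff:ff:ff 802.11 288 Probe Request, SN=100, FN=0, Flags=........, SSID=gigacube-E7CA
    2 9.709432337 66:3c:76:d8:29:b2 → ff:ff:ff:ff:ff:ff 802.11 120 Probe Request, SN=7, FN=0, Flags=........, SSID=Wildcard (Broadcast)
EOF
}

sample_lines | probe_csv

# Live capture with the post's command. Assumption: the packet counter is
# written to stderr (it reaches the terminal although stdout is piped), so
# 2>/dev/null hides it; real tshark error messages are hidden as well.
#   tshark -i wlan1 -l -n subtype probereq 2>/dev/null | probe_csv
```
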

0 Answers
