How to let the tcpdump automatically stop listening?
| Hi everyone:
I have one question regarding tcpdump:
I use tcpdump to get the packets on the Ethernet by the source
address. If there are no packets relating to a current source, how can I ask
tcpdump to stop listening automatically?
Thanks
| |
| Barry Margolin 2005-09-25, 2:54 am |
| In article <1127601178.000597.321570@o13g2000cwo.googlegroups.com>,
"yezi" <ye_line@hotmail.com> wrote:
> Hi everyone:
>
> I have one question regarding tcpdump:
> I use tcpdump to get the packets on the Ethernet by the source
> address. If there are no packets relating to a current source, how can I ask
> tcpdump to stop listening automatically?
It sounds like you're looking for an idle timeout in tcpdump. I don't
think it has such an option.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
| ted@loft.tnolan.com (Ted Nolan) 2005-09-25, 2:54 am |
| In article <barmar-EE32C7.21571724092005@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>
>
>In article <1127601178.000597.321570@o13g2000cwo.googlegroups.com>,
> "yezi" <ye_line@hotmail.com> wrote:
>
>
>It sounds like you're looking for an idle timeout in tcpdump. I don't
>think it has such an option.
>
But it wouldn't be too hard to spawn it from a shell script that keeps
the pid and kills it after x seconds in all cases..
Ted
| |
|
| The problem is my scripts have tons of tcpdump. I cannot manually
maintain that task.
| |
| Michael Vilain 2005-09-26, 6:02 pm |
| In article <1127749243.324370.30340@g43g2000cwa.googlegroups.com>,
"yezi" <ye_line@hotmail.com> wrote:
> The problem is my scripts have tons of tcpdump. I cannot manually
> maintain that task.
Well, tcpdump is open source, right? So, modify it to include the timeout
feature you need.
--
DeeDee, don't press that button! DeeDee! NO! Dee...
| |
| Loki Harfagr 2005-09-28, 7:58 am |
| On Mon, 26 Sep 2005 08:40:43 -0700, yezi wrote:
> The problem is my scripts have tons of tcpdump. I cannot manually
> maintain that task.
globally replace your tcpdump calls with a _tcpdump shell script
spawning the tcpdump with a trigger on timeout ...
One small script, one global replace, shorter than to introduce
time slips bugs in the code ;-)
| |
| Barry Margolin 2005-09-29, 2:55 am |
| In article <7HpZe.2012$%H2.180@bignews4.bellsouth.net>,
ted@loft.tnolan.com (Ted Nolan <tednolan> ) wrote:
> In article <barmar-EE32C7.21571724092005@comcast.dca.giganews.com>,
> Barry Margolin <barmar@alum.mit.edu> wrote:
>
> But it wouldn't be too hard to spawn it from a shell script that keeps
> the pid and kills it after x seconds in all cases..
He doesn't want to kill it after x seconds, only if x seconds go by with
no packets from the given source address.
I think the way to do this would be spawn tcpdump in the background,
having it write to a file. Then check every x seconds to see if the
file's modification time has changed; if not, kill tcpdump and return.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
| ted@loft.tnolan.com (Ted Nolan) 2005-09-29, 2:55 am |
| In article <barmar-D47C62.01114229092005@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>
>
>In article <7HpZe.2012$%H2.180@bignews4.bellsouth.net>,
> ted@loft.tnolan.com (Ted Nolan <tednolan> ) wrote:
>
>
>He doesn't want to kill it after x seconds, only if x seconds go by with
>no packets from the given source address.
>
>I think the way to do this would be spawn tcpdump in the background,
>having it write to a file. Then check every x seconds to see if the
>file's modification time has changed; if not, kill tcpdump and return.
>
OK, I had a hard time parsing the desideratum.
There might be some stdio buffering issues there. If it's writing
stdout to a file, then probably -l for setting line buffering would
work. If he wants a -w save file I don't see any way to make sure
that gets flushed for each packet.
Ted
| |
| Barry Margolin 2005-09-29, 6:00 pm |
| In article <9eM_e.9104$yl.1456@bignews1.bellsouth.net>,
ted@loft.tnolan.com (Ted Nolan <tednolan> ) wrote:
> If he wants a -w save file I don't see any way to make sure
> that gets flushed for each packet.
I think tcpdump automatically flushes the file when it gets a SIGINT.
That way you don't lose anything when you Ctl-C it.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
| ted@loft.tnolan.com (Ted Nolan) 2005-09-30, 2:50 am |
| In article <barmar-2F1E02.18472129092005@comcast.dca.giganews.com>,
Barry Margolin <barmar@alum.mit.edu> wrote:
>
>
>In article <9eM_e.9104$yl.1456@bignews1.bellsouth.net>,
> ted@loft.tnolan.com (Ted Nolan <tednolan> ) wrote:
>
>
>I think tcpdump automatically flushes the file when it gets a SIGINT.
>That way you don't lose anything when you Ctl-C it.
>
>--
>Barry Margolin, barmar@alum.mit.edu
But that's not the problem, unless I'm missing something. Suppose you
get _one_ packet from your source. Tcpdump does an fwrite, but the stdio
buffer isn't full so it doesn't get flushed to disk, and the file's
mod-time (which the script is checking) doesn't change so tcpdump
could get killed even though it got some traffic.
Ted
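
The approach Barry Margolin describes (run tcpdump in the background writing to a file, poll the file, stop it when nothing new has arrived), written as a shell function; this is an added example, not code from any poster in the thread. It compares the file's size rather than its modification time because stat's options differ between systems, and it relies on tcpdump's -l and -U options for the buffering problem Ted Nolan raises; the function name, its arguments and the 192.0.2.10 address are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): stop a capture after IDLE seconds with
# no new output. Names and arguments here are this example's own.
#
# Usage: idle_capture IDLE_SECS POLL_SECS OUTFILE COMMAND [ARGS...]
#   text output:  idle_capture 60 5 out.txt  tcpdump -l -n src host 192.0.2.10
#   raw savefile: idle_capture 60 5 out.pcap tcpdump -U -w - src host 192.0.2.10
# -l line-buffers the printed output and -U flushes the savefile after every
# packet, so the file grows as soon as a packet from the source is seen.
# Returns 0 if the command was stopped for being idle, 1 if it ended by itself.

idle_capture() {
    idle=$1; poll=$2; out=$3
    shift 3
    : > "$out" || return 2            # start from an empty output file

    "$@" >> "$out" &                  # COMMAND's stdout is the watched file
    pid=$!

    last=0; quiet=0; stopped=1
    while kill -0 "$pid" 2>/dev/null; do
        sleep "$poll"
        size=$(($(wc -c < "$out")))   # arithmetic strips wc's padding
        if [ "$size" -gt "$last" ]; then
            last=$size; quiet=0       # new data: restart the idle clock
        else
            quiet=$((quiet + poll))
        fi
        if [ "$quiet" -ge "$idle" ]; then
            # SIGTERM, not SIGINT: a background job in a non-interactive
            # shell starts with SIGINT ignored, and tcpdump closes its
            # output cleanly on either signal.
            kill -TERM "$pid" 2>/dev/null && stopped=0
            break
        fi
    done
    wait "$pid" 2>/dev/null || :      # reap the child; its status is not used
    return "$stopped"
}
```

The idle period is only as precise as the polling interval, so choose POLL_SECS as a divisor of IDLE_SECS.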