Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: TCPdump script
Top Forums Shell Programming and Scripting TCPdump script Post 302504838 by DGPickett on Tuesday 15th of March 2011 02:47:34 PM
Old 03-15-2011
cron can do the timing. The tricky thing is the date command % metacharacter is also the cron metacharacter, so you need to write a trivial script to call from cron. Do you want the date as well, or will it overwrite daily?
Code:
----- tcpd_cron.ksh file (#! must be on first line, chmod 744) -----
#!/usr/bin/ksh
 
(
date "+=============================
%Y-%m-%d %H:%M:%S Start ${0##*/} ($$)."
 
. ./.profile
 
tcpdump -s 2000 -w flowroute-$( date '+%H''%M' ).pcap
 
date "+%Y-%m-%d %H:%M:%S End ${0##*/} ($$) tcpdump returned $?.
==================================="
) >>tcpd_cron.log 2>&1
 
----- your crontab line ------
0,15,30,45 8-16 * * * tcpd_cron.ksh

The two single quotes in the middle of the date option is because %H% is an SCCS meta-string! Files are in your home dir, unless you expand the path! I assume your .profile will not mind running from a non-tty session (put all the term stuff at the end in an if) and sets any necessary PATH and such. As I recall, in cron stderr is discarded and stdout is emailed to you, so you want to redirect the outputs to a log file and log start and stop of every run with a date command, as bookends. A subshell does this once for everything inside.
Last edited by DGPickett; 03-15-2011 at 03:56 PM..
 

10 More Discussions You Might Find Interesting

1. Programming

How To Use tcpdump

I have two net-card. one is 172.16.24.99(ENG) ,another is 172.16.25.99(ENG-B). Both masks is 255.255.255.0. I will monitor data on the tcp port 8055 in ENG, How do I set option of tcpdump command (2 Replies)
Discussion started by: chenhao_no1
2 Replies

2. UNIX for Dummies Questions & Answers

tcpdump

does anybody know what the -d -dd and -ddd options are used for ? thanks (2 Replies)
Discussion started by: ant04
2 Replies

3. Cybersecurity

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (0 Replies)
Discussion started by: chamnanpol
0 Replies

4. IP Networking

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (2 Replies)
Discussion started by: chamnanpol
2 Replies

5. Shell Programming and Scripting

Help with script, trying to get tcpdump and rotate the file every 300 seconds

Greetings, I just started using scripting languages, im trying to get a tcpdump in a file, change the file name every 5mins ... this is what i have but its not working ... any suggestions? #!/bin/bash # timeout.sh #timestamp format TIMESTAMP=`date -u "+%Y%m%dT%H%M%S"` #tdump =`tcpdump... (3 Replies)
Discussion started by: livewire
3 Replies

6. Shell Programming and Scripting

write a script to parse some tcpdump output

i am trying to write a script to parse some tcpdump output, in each line of the tcpdump output, I know for sure there are 3 keywords exist: User{different usernamehere} NAS_ipaddr{different ip here} Calling_station{ip or dns name here} But the positions for these 3 keywords in the... (4 Replies)
Discussion started by: fedora
4 Replies

7. Shell Programming and Scripting

tcpdump script to parse "packers captured" details

I want a script that would do as:- a) gives me packet capture account for each time it runs. b) be able to run at a particular time for specific period time duration (1 min). c) for each time it runs it saves the time / day. Is there a way where i can capture the details as seen in the... (2 Replies)
Discussion started by: lazerz
2 Replies

8. Debian

Tcpdump Help !

Hi. Need Help with TcpDump Trying to sniff associatio-request with tcpdump but when i run this tcpdump -i eth0 wlan subtype assoc-req i get this error can anyone help me with this error ? Thanks alot !!:) (1 Reply)
Discussion started by: SoulZB
1 Replies

9. IP Networking

TCPdump

I've recently started learning to use TCPdump, and I find it pretty interesting. There's one thing I don't understand. When I tell it to capture packets on, say, the WiFi interface en1, it often captures packets sent or received by other hosts on the network. How can it do this? My... (3 Replies)
Discussion started by: Ultrix
3 Replies

10. Shell Programming and Scripting

Tcpdump on many machines from single script

Hi all, new to the forum and rusty with my scripting. I am trying to put together a quick and dirty script that will kickoff a tcpdump on multiple machines. Then, another script that will reach out (at a later time) to stop the processes and retrieve the data. It seems fairly easy conceptually... (2 Replies)
Discussion started by: k9sar
2 Replies

LEARN ABOUT PHP

cron

cron(1M)						  System Administration Commands						  cron(1M)

NAME

       cron - clock daemon

SYNOPSIS

       /usr/sbin/cron

DESCRIPTION

       cron starts a process that executes commands at specified dates and times.

       You   can   specify   regularly	 scheduled  commands  to  cron	according  to  instructions  found  in	crontab  files	in  the  directory
       /var/spool/cron/crontabs. Users can submit their own crontab file using the crontab(1) command. Commands which are to be executed only once
       can be submitted using the at(1) command.

       cron  only examines crontab or at command files during its own process initialization phase and when the crontab or at command is run. This
       reduces the overhead of checking for new or changed files at regularly scheduled intervals.

       As cron never exits, it should be executed only once. This is done routinely by way  of	the  svc:/system/cron:default  service.  The  file
       /etc/cron.d/FIFO file is used as a lock file to prevent the execution of more than one instance of cron.

       cron captures the output of the job's stdout and stderr streams, and, if it is not empty, mails the output to the user. If the job does not
       produce output, no mail is sent to the user. An exception is if the job is an at(1) job and the -m option was specified when  the  job  was
       submitted.

       cron and at jobs are not executed if your account is locked. Jobs and processses execute. The shadow(4) file defines which accounts are not
       locked and will have their jobs and processes executed.

   Setting cron Jobs Across Timezones
       The timezone of the cron daemon sets the system-wide timezone for cron entries. This, in turn, is  by  set  by  default	system-wide  using
       /etc/default/init.

       If  some  form  of  daylight savings or summer/winter time is in effect, then jobs scheduled during the switchover period could be executed
       once, twice, or not at all.

   Setting cron Defaults
       To keep a log of all actions taken by cron, you must specify CRONLOG=YES in the /etc/default/cron file. If you specify CRONLOG=NO, no  log-
       ging is done. Keeping the log is a user configurable option since cron usually creates huge log files.

       You  can  specify the PATH for user cron jobs by using PATH= in /etc/default/cron. You can set the PATH for root cron jobs using SUPATH= in
       /etc/default/cron. Carefully consider the security implications of setting PATH and SUPATH.

       Example /etc/default/cron file:

       CRONLOG=YES
       PATH=/usr/bin:/usr/ucb:

       This example enables logging and sets  the  default  PATH  used	by  non-root  jobs  to	/usr/bin:/usr/ucb:.  Root  jobs  continue  to  use
       /usr/sbin:/usr/bin.

       The cron log file is periodically rotated by logadm(1M).

FILES

       /etc/cron.d		       Main cron directory

       /etc/cron.d/FIFO 	       Lock file

       /etc/default/cron	       cron default settings file

       /var/cron/log		       cron history information

       /var/spool/cron		       Spool area

       /etc/cron.d/queuedefs	       Queue description file for at, batch, and cron

       /etc/logadm.conf 	       Configuration file for logadm

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), at(1), crontab(1), sh(1), logadm(1M), svcadm(1M), queuedefs(4), shadow(4), attributes(5), smf(5)

NOTES

       The cron service is managed by the service management facility, smf(5), under the service identifier:

       svc:/system/cron:default

       Administrative  actions	on  this  service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser-
       vice's status can be queried using the svcs(1) command.

DIAGNOSTICS

       A history of all actions taken by cron is stored in /var/cron/log and possibly in /var/cron/olog.

SunOS 5.10							    5 Aug 2004								  cron(1M)
All times are GMT -4. The time now is 09:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy