04-30-2013
Unfortunately filtering offline it's not an option as well. The whole point is to model an ongoing scenario and that has to happen in real time.
As I said I'm open to any solution so I don't need to rely exclusively on tshark. I tried something like this:
tshark -i any | grep DIAMETER | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<=6) MESSAGES++; else exit;}; END {print MESSAGES}'
but that only stopped awk and not tshark. I think I could do a kill on wireshark PID instead of exiting awk but I don't know how to get tshark PID in this setup.
Thanks!
10 More Discussions You Might Find Interesting
1. Filesystems, Disks and Memory
Am having trouble trying to stop the process below ...
bash# ps -eaf | grep "tape erase"
root 29715 1 0 05:16:22 ttyp1 00:00:00 tape erase /dev/rStp0
root 22464 20933 1 03:40:12 ttyp6 00:00:00 grep tape eraseI've tried ... `kill -9 29715` ... but still no luck.
Help... (8 Replies)
Discussion started by: Cameron
8 Replies
2. Solaris
Hi,
I have a sun sparc system. I don't have a sun keyboard, hence i connected a pc keyboard.
I would like to know the "STOP A" equivalent command to be used on pc keyboard.
Regards,
Raja (4 Replies)
Discussion started by: RajaRC
4 Replies
3. SCO
i hit ping to ping a server, and it keeps going.
how do you stop it? ctrl Z, D, C, nothing works. (2 Replies)
Discussion started by: BG_JrAdmin
2 Replies
4. UNIX for Advanced & Expert Users
Hi ,
I have one question, suppose i am a normal user and when i use 'w' command , it shows who is logged on and what they are doing .
Now i want to stop others users to know what i am doing accept the root ?
can i do this ?
thanks (5 Replies)
Discussion started by: mobile01
5 Replies
5. UNIX for Advanced & Expert Users
Hello,
I am hosting a site that someone is bouncing a huge amount of spam off of and I have not been able to find what file they are using to abuse my server.
Short of terminating the account and telling my customer to take a hike I am hoping someone can help me find the file that is being... (1 Reply)
Discussion started by: dorpan
1 Replies
6. UNIX for Dummies Questions & Answers
Hi All,
I am running parallel process as they all run the same JOBS and only thing which changes is the argument which ia passed.
I am doing it as follows
script.sh $1 &
script.sh $2 &
script.sh $3 &..
and so on.
Now each process has same set of JOBS which are to be executed. Now say... (1 Reply)
Discussion started by: Prashantckc
1 Replies
7. Solaris
I am using solaris x86 with a pc keyboard. i am trying to get to the ok prompt i have tried ctrl-break but it is not working , alt-break will not as well.
pls any thought? (4 Replies)
Discussion started by: seyiisq
4 Replies
8. Solaris
Hello all. I have a Solaris 10 box and I want to install a later version of Apache than what ships with the OS.
Before I install the later version, I want to completely stop the current version of Apache (the httpd service) from running or from starting at boot time.
What is the best way to... (3 Replies)
Discussion started by: RobertSubnet
3 Replies
9. Red Hat
I have a user ( and actually me too) getting this messages when the screen is idle, I need help on stopping this messages:
2012 Feb 20 13:30:22 servername Audit: LENGTH: "330" SESSIONID: "339384" ENTRYID: "1" STATEMENT: "1" USERID: "OPS$PT2ADM" USERHOST: "zzzzzzzzzzz" ACTION: "100" RETURNCODE:... (2 Replies)
Discussion started by: 300zxmuro
2 Replies
10. IP Networking
Hi everyone!
How can I get response time difference between GET and HTTP/1.0 200 OK (i mean time latency of web-server) with using of tshark&shell or something else for each hostname from pcap file?
What can you recommend me to do that? (1 Reply)
Discussion started by: lepetal
1 Replies
LEARN ABOUT DEBIAN
dnspktflow
DNSPKTFLOW(1p) User Contributed Perl Documentation DNSPKTFLOW(1p)
NAME
dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file
SYNOPSIS
dnspktflow -o output.png file.tcpdump
dnspktflow -o output.png -x -a -t -q file.tcpdump
DESCRIPTION
The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the
resulting DNS packet flows in a "flow-diagram" image. dnspktflow can output a single image or a series of images which can then be shown
in sequence as an animation.
dnspktflow was written as a debugging utility to help trace DNS queries and responses, especially as they apply to DNSSEC-enabled lookups.
REQUIREMENTS
This application requires the following Perl modules and software components to work:
graphviz (http://www.graphviz.org/)
GraphViz (Perl module)
tshark (http://www.wireshark.org/)
The following is required for outputting screen presentations:
MagicPoint (http://member.wide.ad.jp/wg/mgp/)
If the following modules are installed, a GUI interface will be enabled for communication with dnspktflow:
QWizard (Perl module)
Getopt::GUI::Long (Perl module)
OPTIONS
dnspktflow takes a wide variety of command-line options. These options are described below in the following functional groups: input
packet selection, output file options, output visualization options, graphical options, and debugging.
Input Packet Selection
These options determine the packets that will be selected by dnspktflow.
-i STRING
--ignore-hosts=STRING
A regular expression of host names to ignore in the query/response fields.
-r STRING
--only-hosts=STRING
A regular expression of host names to analyze in the query/response fields.
-f
--show-frame-num
Display the packet frame numbers.
-b INTEGER
--begin-frame=INTEGER
Begin at packet frame NUMBER.
Output File Options
These options determine the type and location of dnspktflow's output.
-o STRING
--output-file=STRING
Output file name (default: out%03d.png as PNG format.)
--fig
Output format should be fig.
-O STRING
--tshark-out=STRING
Save tshark output to this file.
-m
--multiple-outputs
One picture per request (use %03d in the filename.)
-M STRING
--magic-point=STRING
Saves a MagicPoint presentation for the output.
Output Visualization Options:
These options determine specifics of dnspktflow's output.
--layout-style
Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).
-L
--last-line-labels-only
Only show data on the last line drawn.
-z INTEGER
--most-lines=INTEGER
Only show at most INTEGER connections.
-T
--input-is-tshark-out
The input file is already processed by tshark.
Graphical Options:
These options determine fields included in dnspktflow's output.
-t
--show-type
Shows message type in result image.
-q
--show-queries
Shows query questions in result image.
-a
--show-answers
Shows query answers in result image.
-A
--show-authoritative
Shows authoritative information in result image.
-x
--show-additional
Shows additional information in result image.
-l
--show-label-lines
Shows lines attaching labels to lines.
--fontsize=INTEGER
Font Size
Debugging:
These options may assist in debugging dnspktflow.
-d
--dump-pkts
Dump data collected from the packets.
-h
--help
Show help for command line options.
COPYRIGHT
Copyright 2004-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
AUTHOR
Wes Hardaker <hardaker@users.sourceforge.net>
SEE ALSO
Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)
http://dnssec-tools.sourceforge.net/
perl v5.14.2 2012-06-21 DNSPKTFLOW(1p)