I changed the approach a little bit. I noticed I don't actually need to kill tshark in order to stop the capture.
I have the following Diameter input:
After the eighth incoming Diameter message I want to run a script:
The following command seems to work well (meaning it launches do_something.sh) if I replace DIAMETER with HTTP in grep and DIAMETER with GET in awk, but for some reason with Diameter traffic it just never stops. If I terminate it with CTRL+C, I get the following output that makes me think there's something wrong with the awk script:
Any ideas?
Thanks!
---------- Post updated at 06:25 PM ---------- Previous update was at 02:10 AM ----------
I've noticed if I do the following the awk script works fine with Diameter traffic:
Hi,
I have a Sun SPARC system. I don't have a Sun keyboard, hence I connected a PC keyboard.
I would like to know the "STOP A" equivalent command to be used on a PC keyboard.
Regards,
Raja (4 Replies)
Hi,
I have one question. Suppose I am a normal user, and when I use the 'w' command, it shows who is logged on and what they are doing.
Now I want to stop other users from knowing what I am doing, except root.
Can I do this?
Thanks (5 Replies)
Hello,
I am hosting a site that someone is bouncing a huge amount of spam off of and I have not been able to find what file they are using to abuse my server.
Short of terminating the account and telling my customer to take a hike I am hoping someone can help me find the file that is being... (1 Reply)
Hi All,
I am running parallel processes, as they all run the same JOBS and the only thing which changes is the argument which is passed.
I am doing it as follows
script.sh $1 &
script.sh $2 &
script.sh $3 &..
and so on.
Now each process has same set of JOBS which are to be executed. Now say... (1 Reply)
I am using Solaris x86 with a PC keyboard. I am trying to get to the ok prompt. I have tried ctrl-break but it is not working, and alt-break does not work either.
Please, any thoughts? (4 Replies)
Hello all. I have a Solaris 10 box and I want to install a later version of Apache than what ships with the OS.
Before I install the later version, I want to completely stop the current version of Apache (the httpd service) from running or from starting at boot time.
What is the best way to... (3 Replies)
I have a user (and actually me too) getting these messages when the screen is idle. I need help stopping these messages:
2012 Feb 20 13:30:22 servername Audit: LENGTH: "330" SESSIONID: "339384" ENTRYID: "1" STATEMENT: "1" USERID: "OPS$PT2ADM" USERHOST: "zzzzzzzzzzz" ACTION: "100" RETURNCODE:... (2 Replies)
Hi everyone!
How can I get the response time difference between GET and HTTP/1.0 200 OK (I mean the time latency of the web server) using tshark and shell or something else, for each hostname from a pcap file?
What can you recommend for doing that? (1 Reply)
Discussion started by: lepetal
dnspktflow
DNSPKTFLOW(1p) User Contributed Perl Documentation DNSPKTFLOW(1p)
NAME
dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file
SYNOPSIS
dnspktflow -o output.png file.tcpdump
dnspktflow -o output.png -x -a -t -q file.tcpdump
DESCRIPTION
The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the
resulting DNS packet flows in a "flow-diagram" image. dnspktflow can output a single image or a series of images which can then be shown
in sequence as an animation.
dnspktflow was written as a debugging utility to help trace DNS queries and responses, especially as they apply to DNSSEC-enabled lookups.
REQUIREMENTS
This application requires the following Perl modules and software components to work:
graphviz (http://www.graphviz.org/)
GraphViz (Perl module)
tshark (http://www.wireshark.org/)
The following is required for outputting screen presentations:
MagicPoint (http://member.wide.ad.jp/wg/mgp/)
If the following modules are installed, a GUI interface will be enabled for communication with dnspktflow:
QWizard (Perl module)
Getopt::GUI::Long (Perl module)
OPTIONS
dnspktflow takes a wide variety of command-line options. These options are described below in the following functional groups: input
packet selection, output file options, output visualization options, graphical options, and debugging.
Input Packet Selection
These options determine the packets that will be selected by dnspktflow.
-i STRING
--ignore-hosts=STRING
A regular expression of host names to ignore in the query/response fields.
-r STRING
--only-hosts=STRING
A regular expression of host names to analyze in the query/response fields.
-f
--show-frame-num
Display the packet frame numbers.
-b INTEGER
--begin-frame=INTEGER
Begin at packet frame NUMBER.
Output File Options
These options determine the type and location of dnspktflow's output.
-o STRING
--output-file=STRING
Output file name (default: out%03d.png as PNG format.)
--fig
Output format should be fig.
-O STRING
--tshark-out=STRING
Save tshark output to this file.
-m
--multiple-outputs
One picture per request (use %03d in the filename.)
-M STRING
--magic-point=STRING
Saves a MagicPoint presentation for the output.
Output Visualization Options:
These options determine specifics of dnspktflow's output.
--layout-style
Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).
-L
--last-line-labels-only
Only show data on the last line drawn.
-z INTEGER
--most-lines=INTEGER
Only show at most INTEGER connections.
-T
--input-is-tshark-out
The input file is already processed by tshark.
Graphical Options:
These options determine fields included in dnspktflow's output.
-t
--show-type
Shows message type in result image.
-q
--show-queries
Shows query questions in result image.
-a
--show-answers
Shows query answers in result image.
-A
--show-authoritative
Shows authoritative information in result image.
-x
--show-additional
Shows additional information in result image.
-l
--show-label-lines
Shows lines attaching labels to lines.
--fontsize=INTEGER
Font Size
Debugging:
These options may assist in debugging dnspktflow.
-d
--dump-pkts
Dump data collected from the packets.
-h
--help
Show help for command line options.
COPYRIGHT
Copyright 2004-2012 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
AUTHOR
Wes Hardaker <hardaker@users.sourceforge.net>
SEE ALSO
Getopt::GUI::Long(3), Net::DNS(3), QWizard.pm(3)
http://dnssec-tools.sourceforge.net/
perl v5.14.2 2012-06-21 DNSPKTFLOW(1p)