Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stop tshark capture
Special Forums IP Networking Stop tshark capture Post 302830001 by oti on Monday 8th of July 2013 11:25:55 AM
Old 07-08-2013
I changed the approach a little bit. I noticed I don't actually need to kill tshark in order to stop the capture.

I have the following Diameter input:

Code:
host:~/work/regression$ sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER 
  0.156393    10.0.2.15 -> 10.22.182.20 DIAMETER 236 cmd=Capabilities-ExchangeRequest(257) flags=R--- appl=Diameter Common Messages(0) h2h=0 e2e=0
  0.410201 10.22.182.20 -> 10.0.2.15    DIAMETER 332 cmd=Capabilities-ExchangeAnswer(257) flags=---- appl=Diameter Common Messages(0) h2h=0 e2e=0
  0.912780    10.0.2.15 -> 10.22.182.20 DIAMETER 408 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a64 e2e=fa0
  1.095632 10.22.182.20 -> 10.0.2.15    DIAMETER 276 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a64 e2e=fa0
  1.097361    10.0.2.15 -> 10.22.182.20 DIAMETER 312 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a65 e2e=fa1
  1.275714 10.22.182.20 -> 10.0.2.15    DIAMETER 204 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a65 e2e=fa1
  1.277086    10.0.2.15 -> 10.22.182.20 DIAMETER 312 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a66 e2e=fa2
  1.462886 10.22.182.20 -> 10.0.2.15    DIAMETER 204 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a66 e2e=fa2

After the eighth incoming Diameter message I want to run a script:

Code:
sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh

The following command seem to work well (meaning it launches do_something.sh) if I replace DIAMETER with HTTP in grep and DIAMETER with GET in awk but for some reason with Diameter traffic it just never stops. If I terminate it with CTRL+C I get the following output that makes me think there's something with the awk script:

Code:
host:~/work/regression$ sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh 
1
2
3
4
5
6
7
8
8

Any ideas?
Thanks!

---------- Post updated at 06:25 PM ---------- Previous update was at 02:10 AM ----------

I've noticed if I do the following the awk script works fine with Diameter traffic:

Code:
sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | tee snoop.txt

cat snoop.txt | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh

 

10 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

How do I stop this???

Am having trouble trying to stop the process below ... bash# ps -eaf | grep "tape erase" root 29715 1 0 05:16:22 ttyp1 00:00:00 tape erase /dev/rStp0 root 22464 20933 1 03:40:12 ttyp6 00:00:00 grep tape eraseI've tried ... `kill -9 29715` ... but still no luck. Help... (8 Replies)
Discussion started by: Cameron
8 Replies

2. Solaris

STOP A sequence

Hi, I have a sun sparc system. I don't have a sun keyboard, hence i connected a pc keyboard. I would like to know the "STOP A" equivalent command to be used on pc keyboard. Regards, Raja (4 Replies)
Discussion started by: RajaRC
4 Replies

3. SCO

stop commands

i hit ping to ping a server, and it keeps going. how do you stop it? ctrl Z, D, C, nothing works. (2 Replies)
Discussion started by: BG_JrAdmin
2 Replies

4. UNIX for Advanced & Expert Users

how to stop others users to stop viewing what i am doing ?

Hi , I have one question, suppose i am a normal user and when i use 'w' command , it shows who is logged on and what they are doing . Now i want to stop others users to know what i am doing accept the root ? can i do this ? thanks (5 Replies)
Discussion started by: mobile01
5 Replies

5. UNIX for Advanced & Expert Users

help me stop spammer

Hello, I am hosting a site that someone is bouncing a huge amount of spam off of and I have not been able to find what file they are using to abuse my server. Short of terminating the account and telling my customer to take a hike I am hoping someone can help me find the file that is being... (1 Reply)
Discussion started by: dorpan
1 Replies

6. UNIX for Dummies Questions & Answers

To Stop at error

Hi All, I am running parallel process as they all run the same JOBS and only thing which changes is the argument which ia passed. I am doing it as follows script.sh $1 & script.sh $2 & script.sh $3 &.. and so on. Now each process has same set of JOBS which are to be executed. Now say... (1 Reply)
Discussion started by: Prashantckc
1 Replies

7. Solaris

stop - A

I am using solaris x86 with a pc keyboard. i am trying to get to the ok prompt i have tried ctrl-break but it is not working , alt-break will not as well. pls any thought? (4 Replies)
Discussion started by: seyiisq
4 Replies

8. Solaris

Stop apache

Hello all. I have a Solaris 10 box and I want to install a later version of Apache than what ships with the OS. Before I install the later version, I want to completely stop the current version of Apache (the httpd service) from running or from starting at boot time. What is the best way to... (3 Replies)
Discussion started by: RobertSubnet
3 Replies

9. Red Hat

How can I stop this???

I have a user ( and actually me too) getting this messages when the screen is idle, I need help on stopping this messages: 2012 Feb 20 13:30:22 servername Audit: LENGTH: "330" SESSIONID: "339384" ENTRYID: "1" STATEMENT: "1" USERID: "OPS$PT2ADM" USERHOST: "zzzzzzzzzzz" ACTION: "100" RETURNCODE:... (2 Replies)
Discussion started by: 300zxmuro
2 Replies

10. IP Networking

Tshark/pcap and web-server response time

Hi everyone! How can I get response time difference between GET and HTTP/1.0 200 OK (i mean time latency of web-server) with using of tshark&shell or something else for each hostname from pcap file? What can you recommend me to do that? (1 Reply)
Discussion started by: lepetal
1 Replies

LEARN ABOUT DEBIAN

dnspktflow

DNSPKTFLOW(1p)						User Contributed Perl Documentation					    DNSPKTFLOW(1p)

NAME

       dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

SYNOPSIS

	 dnspktflow -o output.png file.tcpdump

	 dnspktflow -o output.png -x -a -t -q file.tcpdump

DESCRIPTION

       The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the
       resulting DNS packet flows in a "flow-diagram" image.  dnspktflow can output a single image or a series of images which can then be shown
       in sequence as an animation.

       dnspktflow was written as a debugging utility to help trace DNS queries and responses, especially as they apply to DNSSEC-enabled lookups.

REQUIREMENTS

       This application requires the following Perl modules and software components to work:

	 graphviz		   (http://www.graphviz.org/)
	 GraphViz		   (Perl module)
	 tshark 		   (http://www.wireshark.org/)

       The following is required for outputting screen presentations:

	 MagicPoint		   (http://member.wide.ad.jp/wg/mgp/)

       If the following modules are installed, a GUI interface will be enabled for communication with dnspktflow:

	 QWizard		   (Perl module)
	 Getopt::GUI::Long	   (Perl module)

OPTIONS

       dnspktflow takes a wide variety of command-line options.  These options are described below in the following functional groups:	input
       packet selection, output file options, output visualization options, graphical options, and debugging.

   Input Packet Selection
       These options determine the packets that will be selected by dnspktflow.

       -i STRING
       --ignore-hosts=STRING
	   A regular expression of host names to ignore in the query/response fields.

       -r STRING
       --only-hosts=STRING
	   A regular expression of host names to analyze in the query/response fields.

       -f
       --show-frame-num
	   Display the packet frame numbers.

       -b INTEGER
       --begin-frame=INTEGER
	   Begin at packet frame NUMBER.

   Output File Options
       These options determine the type and location of dnspktflow's output.

       -o STRING
       --output-file=STRING
	   Output file name (default: out%03d.png as PNG format.)

       --fig
	   Output format should be fig.

       -O STRING
       --tshark-out=STRING
	   Save tshark output to this file.

       -m
       --multiple-outputs
	   One picture per request (use %03d in the filename.)

       -M STRING
       --magic-point=STRING
	   Saves a MagicPoint presentation for the output.

   Output Visualization Options:
       These options determine specifics of dnspktflow's output.

       --layout-style
	   Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).

       -L
       --last-line-labels-only
	   Only show data on the last line drawn.

       -z INTEGER
       --most-lines=INTEGER
	   Only show at most INTEGER connections.

       -T
       --input-is-tshark-out
	   The input file is already processed by tshark.

   Graphical Options:
       These options determine fields included in dnspktflow's output.

       -t
       --show-type
	   Shows message type in result image.

       -q
       --show-queries
	   Shows query questions in result image.

       -a
       --show-answers
	   Shows query answers in result image.

       -A
       --show-authoritative
	   Shows authoritative information in result image.

       -x
       --show-additional
	   Shows additional information in result image.

       -l
       --show-label-lines
	   Shows lines attaching labels to lines.

       --fontsize=INTEGER
	   Font Size

   Debugging:
       These options may assist in debugging dnspktflow.

       -d
       --dump-pkts
	   Dump data collected from the packets.

       -h
       --help
	   Show help for command line options.

COPYRIGHT

       Copyright 2004-2012 SPARTA, Inc.  All rights reserved.  See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker@users.sourceforge.net>

SEE ALSO

       Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)

       http://dnssec-tools.sourceforge.net/

perl v5.14.2							    2012-06-21							    DNSPKTFLOW(1p)
All times are GMT -4. The time now is 09:42 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy