Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stop tshark capture
Special Forums IP Networking Stop tshark capture Post 302830001 by oti on Monday 8th of July 2013 11:25:55 AM
Old 07-08-2013
I changed the approach a little bit. I noticed I don't actually need to kill tshark in order to stop the capture.

I have the following Diameter input:

Code:
host:~/work/regression$ sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER 
  0.156393    10.0.2.15 -> 10.22.182.20 DIAMETER 236 cmd=Capabilities-ExchangeRequest(257) flags=R--- appl=Diameter Common Messages(0) h2h=0 e2e=0
  0.410201 10.22.182.20 -> 10.0.2.15    DIAMETER 332 cmd=Capabilities-ExchangeAnswer(257) flags=---- appl=Diameter Common Messages(0) h2h=0 e2e=0
  0.912780    10.0.2.15 -> 10.22.182.20 DIAMETER 408 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a64 e2e=fa0
  1.095632 10.22.182.20 -> 10.0.2.15    DIAMETER 276 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a64 e2e=fa0
  1.097361    10.0.2.15 -> 10.22.182.20 DIAMETER 312 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a65 e2e=fa1
  1.275714 10.22.182.20 -> 10.0.2.15    DIAMETER 204 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a65 e2e=fa1
  1.277086    10.0.2.15 -> 10.22.182.20 DIAMETER 312 cmd=Credit-ControlRequest(272) flags=R--- appl=3GPP Gx(16777238) h2h=1a66 e2e=fa2
  1.462886 10.22.182.20 -> 10.0.2.15    DIAMETER 204 cmd=Credit-ControlAnswer(272) flags=---- appl=3GPP Gx(16777238) h2h=1a66 e2e=fa2

After the eighth incoming Diameter message I want to run a script:

Code:
sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh

The following command seem to work well (meaning it launches do_something.sh) if I replace DIAMETER with HTTP in grep and DIAMETER with GET in awk but for some reason with Diameter traffic it just never stops. If I terminate it with CTRL+C I get the following output that makes me think there's something with the awk script:

Code:
host:~/work/regression$ sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh 
1
2
3
4
5
6
7
8
8

Any ideas?
Thanks!

---------- Post updated at 06:25 PM ---------- Previous update was at 02:10 AM ----------

I've noticed if I do the following the awk script works fine with Diameter traffic:

Code:
sudo script -q -c 'tshark -i any' /dev/null | grep DIAMETER | tee snoop.txt

cat snoop.txt | awk 'BEGIN {MESSAGES=0}; /DIAMETER/ {if (MESSAGES<8) {MESSAGES++;print MESSAGES;} else exit;}; END {print MESSAGES}'; ./do_something.sh

 

10 More Discussions You Might Find Interesting

1. Filesystems, Disks and Memory

How do I stop this???

Am having trouble trying to stop the process below ... bash# ps -eaf | grep "tape erase" root 29715 1 0 05:16:22 ttyp1 00:00:00 tape erase /dev/rStp0 root 22464 20933 1 03:40:12 ttyp6 00:00:00 grep tape eraseI've tried ... `kill -9 29715` ... but still no luck. Help... (8 Replies)
Discussion started by: Cameron
8 Replies

2. Solaris

STOP A sequence

Hi, I have a sun sparc system. I don't have a sun keyboard, hence i connected a pc keyboard. I would like to know the "STOP A" equivalent command to be used on pc keyboard. Regards, Raja (4 Replies)
Discussion started by: RajaRC
4 Replies

3. SCO

stop commands

i hit ping to ping a server, and it keeps going. how do you stop it? ctrl Z, D, C, nothing works. (2 Replies)
Discussion started by: BG_JrAdmin
2 Replies

4. UNIX for Advanced & Expert Users

how to stop others users to stop viewing what i am doing ?

Hi , I have one question, suppose i am a normal user and when i use 'w' command , it shows who is logged on and what they are doing . Now i want to stop others users to know what i am doing accept the root ? can i do this ? thanks (5 Replies)
Discussion started by: mobile01
5 Replies

5. UNIX for Advanced & Expert Users

help me stop spammer

Hello, I am hosting a site that someone is bouncing a huge amount of spam off of and I have not been able to find what file they are using to abuse my server. Short of terminating the account and telling my customer to take a hike I am hoping someone can help me find the file that is being... (1 Reply)
Discussion started by: dorpan
1 Replies

6. UNIX for Dummies Questions & Answers

To Stop at error

Hi All, I am running parallel process as they all run the same JOBS and only thing which changes is the argument which ia passed. I am doing it as follows script.sh $1 & script.sh $2 & script.sh $3 &.. and so on. Now each process has same set of JOBS which are to be executed. Now say... (1 Reply)
Discussion started by: Prashantckc
1 Replies

7. Solaris

stop - A

I am using solaris x86 with a pc keyboard. i am trying to get to the ok prompt i have tried ctrl-break but it is not working , alt-break will not as well. pls any thought? (4 Replies)
Discussion started by: seyiisq
4 Replies

8. Solaris

Stop apache

Hello all. I have a Solaris 10 box and I want to install a later version of Apache than what ships with the OS. Before I install the later version, I want to completely stop the current version of Apache (the httpd service) from running or from starting at boot time. What is the best way to... (3 Replies)
Discussion started by: RobertSubnet
3 Replies

9. Red Hat

How can I stop this???

I have a user ( and actually me too) getting this messages when the screen is idle, I need help on stopping this messages: 2012 Feb 20 13:30:22 servername Audit: LENGTH: "330" SESSIONID: "339384" ENTRYID: "1" STATEMENT: "1" USERID: "OPS$PT2ADM" USERHOST: "zzzzzzzzzzz" ACTION: "100" RETURNCODE:... (2 Replies)
Discussion started by: 300zxmuro
2 Replies

10. IP Networking

Tshark/pcap and web-server response time

Hi everyone! How can I get response time difference between GET and HTTP/1.0 200 OK (i mean time latency of web-server) with using of tshark&shell or something else for each hostname from pcap file? What can you recommend me to do that? (1 Reply)
Discussion started by: lepetal
1 Replies

LEARN ABOUT SUNOS

elf_flagdata

elf_flagdata(3ELF)					       ELF Library Functions						elf_flagdata(3ELF)

NAME

       elf_flagdata, elf_flagehdr, elf_flagelf, elf_flagphdr, elf_flagscn, elf_flagshdr - manipulate flags

SYNOPSIS

       cc [ flag ... ] file ... -lelf [ library ... ]
       #include <libelf.h>

       unsigned elf_flagdata(Elf_Data *data, Elf_Cmd cmd, unsigned flags);

       unsigned elf_flagehdr(Elf *elf, Elf_Cmd cmd, unsigned flags);

       unsigned elf_flagelf(Elf *elf, Elf_Cmd cmd, unsigned flags);

       unsigned elf_flagphdr(Elf *elf, Elf_Cmd cmd, unsigned flags);

       unsigned elf_flagscn(Elf_Scn *scn, Elf_Cmd cmd, unsigned flags);

       unsigned elf_flagshdr(Elf_Scn *scn, Elf_Cmd cmd, unsigned flags);

DESCRIPTION

       These  functions  manipulate  the flags associated with various structures of an ELF file. Given an ELF descriptor (elf), a data descriptor
       (data), or a section descriptor (scn), the functions may set or clear the associated status  bits,  returning  the  updated  bits.  A  null
       descriptor is allowed, to simplify error handling; all functions return 0 for this degenerate case.

       cmd may have the following values:

       ELF_C_CLR       The  functions  clear  the  bits  that are asserted in flags. Only the non-zero bits in flags are cleared; zero bits do not
		       change the status of the descriptor.

       ELF_C_SET       The functions set the bits that are asserted in flags. Only the non-zero bits in flags are set; zero bits do not change the
		       status of the descriptor.

       Descriptions of the defined flags bits appear below:

       ELF_F_DIRTY     When  the  program  intends  to	write an ELF file, this flag asserts the associated information needs to be written to the
		       file. Thus, for example, a program that wished to update the ELF header of an existing file would call elf_flagehdr()  with
		       this bit set in flags and cmd equal to ELF_C_SET. A later call to elf_update() would write the marked header to the file.

       ELF_F_LAYOUT    Normally, the library decides how to arrange an output file. That is, it automatically decides where to place sections, how
		       to align them in the file, etc. If this bit is set for an ELF descriptor, the program assumes responsibility for  determin-
		       ing  all  file  positions. This bit is meaningful only for elf_flagelf() and applies to the entire file associated with the
		       descriptor.

       When a flag bit is set for an item, it affects all the subitems as well. Thus, for example, if the program sets the  ELF_F_DIRTY  bit  with
       elf_flagelf(), the entire logical file is ``dirty.''

EXAMPLES

       Example 1: A sample display of calling the elf_flagdata() function.

       The following fragment shows how one might mark the ELF header to be written to the output file:

       /* dirty ehdr ... */
       ehdr = elf32_getehdr(elf);
       elf_flagehdr(elf, ELF_C_SET, ELF_F_DIRTY);

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |MT-Safe			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       elf(3ELF), elf32_getehdr(3ELF), elf_getdata(3ELF), elf_update(3ELF), attributes(5)

SunOS 5.10							    11 Jul 2001 						elf_flagdata(3ELF)
All times are GMT -4. The time now is 09:49 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy