Shell Programming and Scripting

I'm new to the Unix/Linux world. I have taken classes and played with a few simple scripts but never had a real world application. Here is my problem.

What I need to do is every 15min between 8am and 5pm, run
tcpdump -s 2000 -w flowroute-0000.pcap

where the "0000" is the current time.

I understand i should be able to do some thing like this. Not sure if that would be a C basic, or bash shell... not sure.
This will be running on a VoIP server, Trixbox pro call center edition.
this is basically a lunix build with built in VoIP functions.
Thanks in advance for reading.

cron can do the timing. The tricky thing is the date command % metacharacter is also the cron metacharacter, so you need to write a trivial script to call from cron. Do you want the date as well, or will it overwrite daily?

Code:

----- tcpd_cron.ksh file (#! must be on first line, chmod 744) -----
#!/usr/bin/ksh
 
(
date "+=============================
%Y-%m-%d %H:%M:%S Start ${0##*/} ($$)."
 
. ./.profile
 
tcpdump -s 2000 -w flowroute-$( date '+%H''%M' ).pcap
 
date "+%Y-%m-%d %H:%M:%S End ${0##*/} ($$) tcpdump returned $?.
==================================="
) >>tcpd_cron.log 2>&1
 
----- your crontab line ------
0,15,30,45 8-16 * * * tcpd_cron.ksh

The two single quotes in the middle of the date option is because %H% is an SCCS meta-string! Files are in your home dir, unless you expand the path! I assume your .profile will not mind running from a non-tty session (put all the term stuff at the end in an if) and sets any necessary PATH and such. As I recall, in cron stderr is discarded and stdout is emailed to you, so you want to redirect the outputs to a log file and log start and stop of every run with a date command, as bookends. A subshell does this once for everything inside.

What worries me is by the end of the day you'll have a bunch of tcpdump processes running, unless you go in and kill them off.

tcpdump might do what you want it to do, needing a script only to start it once per day and stop it once per day. Check 'man tcpdump', specifically for the "-G" and "-w" options.

Also beware logging that much traffic on a busy system. There's no guarantee that you catch every packet, and the chance that you fill you filesystem in short order.

Edit: It looks like the -G option doesn't show up until version 4.0.0 - something like this should work in that version, but I can't test it at the moment:

Code:

# tcpdump -s2000 -w'flowroute-%H%M.pcap' -G900 -W36

Then you'd just need to schedule it to start at 08:00, and it should finish on its own at 17:00. As pointed out above, you'll want to wrap it in a small script for the date handling and to log the output.

Thanks for all the feed back. I will need to look into using cron, not some thing i have used before but I understand the idea. I was thinking that i could use that for timing, thank you for the cron lines.
0,15,30,45 8-16 * * * tcpd_cron.ksh
As for the date, I dont need the date. These files will be downloaded at the end of each work day.
My original plan was to just start the cron job at the beginning of the day and stop it at end of the work day. Then download all the data off the server to save space. This way I can maintain a log of all the calls.

My biggest worry is that the VoIP server might be a little taxed from the ongoing processes running. I don't have a test server I can use at the moment but Im working on building one.

Requirement creep. Cron has a column for day of the week, but since you were overwriting, it seemed ok to run it every day regardless. If you want to keep, add the date into the file name.

I am not a tcpdump user this decade, so I admit you do need to stop it somehow. You might use head to cap the byte count and spin it off in the background, sleep a while, and 'kill -9 $! 2>/dev/null', so it does not run into the next run.

You might even put the files in a zip for each week or month, so space is not so quickly threatened, they are easily discarded and the dir does not grow big.