Solaris

Hi ,

I would like to write a perl script with the snoop command to capture packets from a specific IP address to a node (incoming packets) and packets from that node for the same session to another node and save the capture to a file. I would like my script to be able to read my IP all the time from the keyboard. I would like also to be able to determine for how how long the script should run. Let's say 60 seconds and then kill the snoop process after that period. Below is an example of the command.

snoop -o /tmp/snooper -V 128.50.1.250

let's say my snoop is called snoop1. I would like to be able to execute that way: ./snoop1 128.50.1.250 60.......where the 128.50.1.250 is the ip I want to capture the packets from and 60 the amount of time I want the script to run and then kill the snoop process.

Thanks for your help.

Why do you want to do that in perl when a simple shell script would do it ?

I wanted to do it in perl, because I am learning perl. I don't shell scripting. But, if you can send me the shell scripting you have that can do it that will help. At least, I can do it and use it as a guideline if I want find a way to do in perl. Thx so much. I would appreciate it.

I haven't been able to find a way to do it for a specific amount of time yet,
but you could just add the -c option, you will probably get approximately 1000 packets per minute or so. If you think it might be more, increase the count.

Code:

snoop -o /tmp/snooper -V -c 1000

I'm not the best shell scripter, so this might be a little dirty, but here is how I would do it with bash shell:

Code:

#!/bin/bash

STRING=$1

snooper() {
   snoop -o /tmp/snooper -V -c 1000 $STRING
}


readstring() {
        echo -n "What would you like to snoop today? "
        read STRING
        snooper
}

if [ $1 > 0 ]
 then
    snooper
 else
    readstring
fi

Here is something both simpler and complying with the requirements:

Code:

#!/bin/ksh
snoop -o /tmp/snooper -V $1 & sleep ${2:-60} && kill $!

Thanks all,

jlliagre's idea was great! I tried it. It didn't work at first . It gave me an error stating wrong time period for sleep.

I modified it and tried it that way....

#!/bin/ksh
snoop -o /tmp/snooper -V $1 & sleep $2 && kill $!

I can enter the ip and the time period for sleep and then kill the process after the time period. But, I am wondering how sure I can be that this kill $! will only kill the snoop process that I am running and not any other process that is running.

I am wondering if it will be safer to to have script return the process ID for the snoop that I am running and then kill that process only.


Please let me know. Thanks so much,

That's weird. That syntax simply set a default value (60 seconds) if no second parameter is supplied.
It can't by design. $! is the pid of the last background process.
That would have no advantage.