![]() ![]() I've run Microsoft Defender Full Scan as well as Bitdefender Total Security System Scan and Rescue Environment (Boot time scan). Or spend two days figuring out which flags need to be set where just to get something simple done. Do the research, understand and accept the responsibility. Still, if you try this at home, make sure you are the admin of the machine in question. But let’s just assume I’m a big boy and I understand the risk and have made a calculated decision to get on with my day and root this whole process. “Oh nooo!” cry all the online professional Linux people, “Do not be root!” Listen: I don’t have time to navigate the absurd permissions issues of a Linux machine. So I run this program as root, and any output files go to /root/. It seems like they folow a different and more restrictive set of rules when it comes to where they can even write their output files. You Have Permissionīoth tshark and dumcap are very skitish when it comes to permissions. I finally got tired of looking this up every time I needed it, and wrote this blog post so that it would be easy to find. If I were worried about that, I could also limit the capture file size using -b filesize: 16384 for a 16 mb maximum size. Now, I know the amount of traffic to expect between the server and the target machine, but if I didn’t, I risk the possibility of having gigantic files in each 24 hour period. ![]() End the command with an ampersand so that it runs in the background.Capture only TCP, from remote host at address 192.168.60.101:502.(24 hours x 60 minutes x 60 seconds = 86400) Output file name is pcap.cap (dumpcap will add some text to this name to differentiate the many files it will create).Listen on interface eth0 (we can get that from ifconfig).I can even use the same capture filters I’m familiar with from tshark. But I do know that dumpcap will perform just like tshark, with the added benefit that it provides options that do the rotation of the caputre files without any other outside tools. My understanding is limited, because I’ve got a job to do and don’t have time to dig into the bowels of some tool that needs to just do its job. It’s my understanding that dumpcap is used by tshark and wireshark. I assume some closure and cleanup is done whenever I kill tshark manually that’s not getting done with the typical logrotate process, because the resulting file is useless after it’s been roated. It’s not a nice text file, or even a Sqlite3 database file like my log files are. But if I use logrotate on the file generated by tshark, it gets broken when I snip it from the outside. If I can do this with the pacap files, that would be ideal. Normally, I use logrotate, and rotate the logs every 24 hours, keeping only 2 weeks worth. I want the file to roll over like my log files do. ![]() I can’t consume all of the disk space on a single, giant pcap file that spans weeks. That’s where I was born and raised on computer interfaces. Plus, you know me: I’m more comfortable on a command line. There is no GUI desktop interface to run Wireshark on, and I’m usually connected over an SSH terminal anyway. This is handy because my embedded systems are command line only. I can run tshark on the command line to capture the packets. Because if I get to the point where I’m bothering to do this, we have an intermittent problem that’s proven elusive. Now, I need to capture these packets over the course of several days. Honestly, the logs my program generates give me everything I need to know, but capturing the actual traffic on the network card will give me more proof that the problem is not me, or provide a valuable clue as to where my code has gone wrong. So sometimes I need to get right down to the network card and take a look at what’s actually happening to get to the bottom of the problem. But I never have control of the network and the clients that talk to my machine. I have the luxury of controlling the machine and OS my software runs on, as it’s more of an embedded system. The program will work perfectly fine everywhere but on the one customer’s network. Instead, I get a lot of “It Doesn’t Work On My Machine Only” from customers. Often, I have the opposite problem of the classic “It Works On My Machine” issue. I write a lot of network enabled programs for my day job. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |