Kitz Forum
Computer Software => Linux => Topic started by: Weaver on December 02, 2018, 05:58:41 PM
-
I used tcpdump -r my_capture.pcap and after it produced the output it just sat there waiting and I had to hit Ctrl-Z to get out of it. Does this mean it will hang when I call it in a batch file / script in automated usage?
I read a tip somewhere that adding -qns 0 fixes the issue, and that seems to be true, but if I do this the output is very unfriendly. I have not been able to find a compromise, because if I take any of those switches out then the problem returns, god knows why.
-
I've just checked with the version of tcpdump that I have installed (as a package) on RHEL6 and that does not hang. :no:
[Duo2 tmp]$ rpm -q tcpdump
tcpdump-4.0.0-11.20090921gitdf3cb4.2.el6.x86_64
[Duo2 tmp]$ tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped out>
[Duo2 tmp]$
-
It seems as if it is trying to read further stuff from somewhere. I don’t suppose that (for me) it is trying to capture stuff straight from some NIC _after_ reading the given input file contents ? Which would be very daft, who would want that? So this suggestion of mine makes zero sense to me.
One thought.
@burrakucat are you running it while logged in as a normal unprivileged user or as root? I was root, and just wondered if that could possibly make a difference? I suggest this because I, in my ignorance, wondered if privileges are required to capture from a physical NIC device. In full insanity mode, if someone were determined to capture from a NIC even though told to read from an input file instead, because of a missing "else {", then such an attempt might not succeed when logged in as a normal user.
So I wonder what would happen if I try becoming a normal user instead. Which is a bit of a nuisance just to have to get the thing to run.
Or The Kuro Neko might try sudo’ing it for the sake of science.
Or maybe RHEL has a bug fixed which I don’t have yet.
I got whatever I got from an apt-get under Ubuntu 18.04 for ARMHF (32-bit?).
-
@burrakucat are you running it while logged in as a normal unprivileged user or as root?
As a normal user, as hinted by the $ in the system prompt.
Or The Kuro Neko might try sudo’ing it for the sake of science.
And the result does not hang (as I expected) --
[Duo2 tmp]$ sudo tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped>
[Duo2 tmp]$
-
The mystery remains. I was clutching at straws anyway. If it’s a bug then it’s a pretty serious one. If it’s by design then it’s very odd.
-
I have just realised that I have misreported this.
It is not an infinite hang, it’s just a strange long delay. It does come back to the command line eventually.
-
. . . and I had to hit Ctrl-Z to get out of it.
Looking again at your initial post, now knowing that you are using a R-Pi with a Linux kernel, I should flag that <Ctrl-Z> does not send an interrupt but suspends the currently running task. The suspended task can be continued with a fg command. An interrupt, by default, is issued with a <Ctrl-C>.
-
Aha! Good tip, thank you. I didn’t know this but was starting to work it out from the background processes I later found lying around. Too much exposure to TOPS-10, VMS and NT, CP-M and so on, where I was used to ctrl-Z for EOF in case it might have terminated its reading of an input stream from the console, to persuade it that all was done, and then I tried ctrl-C based on 1970s / 80s thinking.
All these years, doing VMS for seven years or so I never had a *nix box to play with, not until recently. That’s why it’s enjoyable, picking up new things while also taking me back to the end of the 1970s.
-
Yes I, too, have memories of DEC operating systems and usage of <Ctrl-Z> from the early 1980s. Back then, the version of Unix System III I was using had, by default, the <Delete> key mapped to generate an interrupt. :)
-
It does mean that in my ignorance I have left stuck processes lying around for ages, abandoned and unnoticed, and now I know why they’re there.
-
The command "ps -fu Weaver" may be helpful. :)
-
Many thanks. Will look the switches up and adapt as needed.
[Am ashamed to say that I am logging in as root / superuser all the time. The amount of admin I do, it makes sense, but still not a great idea, in case of finger trouble, never mind anything else. And certainly do not want to be encouraging others to do so.
This is after a 25 year long crusade of trying to stop users logging in to their own WinNT family boxen as an admin. I never ever, ever logged in to my own WinNT boxes as an admin unless some installation work to do, and even then I often avoided that by using RunAs (NT equivalent of ‘su’ but more general) and I disabled the prompt for automatic UAC for all users, myself included.]