Tcpdump hangs when reading from file
Weaver:
I used tcpdump -r my_capture.pcap and after it produced the output it just sat there waiting and I had to hit Ctrl-Z to get out of it. Does this mean it will hang when I call it in a batch file / script in automated usage?
I read a tip somewhere that adding -qns 0 fixes the issue, and that seems to be true, but if I do this the output is very unfriendly. I have not been able to find a compromise, because if I take any of those switches out then the problem returns, god knows why.
burakkucat:
I've just checked with the version of tcpdump that I have installed (as a package) on RHEL6 and that does not hang. :no:
--- Code: ---
[Duo2 tmp]$ rpm -q tcpdump
tcpdump-4.0.0-11.20090921gitdf3cb4.2.el6.x86_64
[Duo2 tmp]$ tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped out>
[Duo2 tmp]$
--- End code ---
Weaver:
It seems as if it is trying to read further stuff from somewhere. I don’t suppose that (for me) it is trying to capture stuff straight from some NIC _after_ reading the given input file contents? Which would be very daft, who would want that? So this suggestion of mine makes zero sense to me.
One thought.
@burakkucat are you running it while logged in as a normal unprivileged user or as root? I was root, and just wondered if that could possibly make a difference? I suggest this because I, in my ignorance, wondered if privileges are required to capture from a physical NIC device. In full insanity mode, if someone were determined to capture from a NIC even though told to read from an input file instead, because of a missing "else {", then such an attempt might not succeed when logged in as a normal user.
So I wonder what would happen if I try becoming a normal user instead. Which is a bit of a nuisance just to have to get the thing to run.
Or The Kuro Neko might try sudo’ing it for the sake of science.
Or maybe RHEL has a bug fixed which I don’t have yet.
I got whatever I got from an apt-get under Ubuntu 18.04 for ARMHF (32-bit?).
burakkucat:
--- Quote from: Weaver on December 03, 2018, 01:04:23 AM ---
@burakkucat are you running it while logged in as a normal unprivileged user or as root?
--- End quote ---
As a normal user, as hinted by the $ in the system prompt.
--- Quote ---
Or The Kuro Neko might try sudo’ing it for the sake of science.
--- End quote ---
And the result does not hang (as I expected) --
--- Code: ---
[Duo2 tmp]$ sudo tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped>
[Duo2 tmp]$
--- End code ---
Weaver:
The mystery remains. I was clutching at straws anyway. If it’s a bug then it’s a pretty serious one. If it’s by design then it’s very odd.