Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Tcpdump hangs when reading from file  (Read 4352 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Tcpdump hangs when reading from file
« on: December 02, 2018, 05:58:41 PM »

I used tcpdump -r my_capture.pcap  and after it produced the output it just sat there waiting and I had to hit Ctrl-Z to get out of it. Does this mean it will hang when I call it in a batch file / script in automated usage?

I read a tip somewhere that adding -qns 0 fixes the issue, and that seems to be true, but if I do this the output is very unfriendly. I have not been able to find a compromise, because if I take any of those switches out then the problem returns, god knows why.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Tcpdump hangs when reading from file
« Reply #1 on: December 02, 2018, 06:42:09 PM »

I've just checked with the version of tcpdump that I have installed (as a package) on RHEL6 and that does not hang.  :no:

Code: [Select]
[Duo2 tmp]$ rpm -q tcpdump
tcpdump-4.0.0-11.20090921gitdf3cb4.2.el6.x86_64
[Duo2 tmp]$ tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped out>
[Duo2 tmp]$
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #2 on: December 03, 2018, 01:04:23 AM »

It seems as if it is trying to read further stuff from somewhere. I don’t suppose that (for me) it is trying to capture stuff straight from some NIC _after_ reading the given input file contents ? Which would be very daft, who would want that? So this suggestion of mine makes zero sense to me.

One thought.

@burrakucat are you running it while logged in as a normal unprivileged user or as root? I was root, and just wondered if that could possibly make a difference? I suggest this because I, in my ignorance, wondered if privileges are required to capture from a physical NIC device. In full insanity mode, if someone were determined to capture from a NIC even though told to read from an input file instead, because of a missing "else {", then such an attempt might not succeed when logged in as a normal user.

So I wonder what would happen if I try becoming a normal user instead. Which is a bit of a nuisance just to have to get the thing to run.

Or The Kuro Neko might try sudo’ing it for the sake of science.

Or maybe RHEL has a bug fixed which I don’t have yet.

I got whatever I got from an apt-get under Ubuntu 18.04 for ARMHF (32-bit?).
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Tcpdump hangs when reading from file
« Reply #3 on: December 03, 2018, 01:37:53 AM »

@burrakucat are you running it while logged in as a normal unprivileged user or as root?

As a normal user, as hinted by the $ in the system prompt.

Quote
Or The Kuro Neko might try sudo’ing it for the sake of science.

And the result does not hang (as I expected) --

Code: [Select]
[Duo2 tmp]$ sudo tcpdump -r capture-02.pcapng
reading from file capture-02.pcapng, link-type EN10MB (Ethernet)
<6376 lines snipped>
[Duo2 tmp]$
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #4 on: December 03, 2018, 08:00:59 AM »

The mystery remains. I was clutching at straws anyway. If it’s a bug then it’s a pretty serious one. If it’s by design then it’s very odd.
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #5 on: December 03, 2018, 08:24:03 AM »

I have just realised that I have misreported this.

It is not an infinite hang, it’s just a strange long delay. It does come back to the command line eventually.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Tcpdump hangs when reading from file
« Reply #6 on: December 03, 2018, 04:21:15 PM »

. . . and I had to hit Ctrl-Z to get out of it.

Looking again at your initial post, now knowing that you are using a R-Pi with a Linux kernel, I should flag that <Ctrl-Z> does not send an interrupt but suspends the currently running task. The suspended task can be continued with a fg command. An interrupt, by default, is issued with a <Ctrl-C>.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #7 on: December 04, 2018, 12:09:45 AM »

Aha! Good tip, thank you. I didn’t know this but was starting to work it out from the background processes I later found lying around. Too much exposure to TOPS-10, VMS and NT, CP-M and so on, where I was used to ctrl-Z for EOF in case it might have terminated its reading of an input stream from the console, to persuade it that all was done, and then I tried ctrl-C based on 1970s / 80s thinking.

All these years, doing VMS for seven years or so I never had a *nix box to play with, not until recently. That’s why it’s enjoyable, picking up new things while also taking me back to the end of the 1970s.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Tcpdump hangs when reading from file
« Reply #8 on: December 04, 2018, 12:16:48 AM »

Yes I, too, have memories of DEC operating systems and usage of <Ctrl-Z> from the early 1980s. Back then, the version of Unix System III I was using had, by default, the <Delete> key mapped to generate an interrupt.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #9 on: December 04, 2018, 12:41:27 AM »

It does mean that in my ignorance I have left stuck processes lying around for ages, abandoned and unnoticed, and now I know why they’re there.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Tcpdump hangs when reading from file
« Reply #10 on: December 04, 2018, 05:03:18 PM »

The command "ps -fu Weaver" may be helpful.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: Tcpdump hangs when reading from file
« Reply #11 on: December 04, 2018, 05:19:41 PM »

Many thanks. Will look the switches up and adapt as needed.

[Am ashamed to say that I am logging in as root / superuser all the time. The amount of admin I do, it makes sense, but still not a great idea, in case of finger trouble, never mind anything else. And certainly do not want to be encouraging others to do so.

This is after a 25 year long crusade of trying to stop users logging in to their own WinNT family boxen as an admin. I never ever, ever logged in to my own WinNT boxes as an admin unless some installation work to do, and even then I often avoided that by using RunAs (NT equivalent of ‘su’ but more general) and I disabled the prompt for automatic UAC for all users, myself included.]
Logged