previously on this list Stuart Henderson contributed:

> There are headers to deal with. You might get somewhere with
> tcpslice or pcapmerge; if neither of these do what you want, pcapmerge
> is written in perl and shouldn't be too difficult to modify or use as
> a base for something else.

They only seem to split on a timebase whereas I want to keep files
small and make sure I don't fill the filesystem.

This is what I have come up with so far if it's of any use to anyone,
should work quite well but as many packets are small the circular
buffer will overwrite before the filesystem's full. I will probably fix
that by monitoring the filesystem but for now it will do especially at
a low snaplen. I've been set back with soldering a laptop power supply
(yet again) which turned out to be the plug end after having cut the
cable searching for the break :-{

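#!/bin/sh
# Ring-buffer capture: write pcap files of a fixed packet count and reuse
# the file names in rotation so the total stays under STORAGEGB.
EXT_IF="trunk0"
PKTCAPSIZE="200"        # snaplen in bytes
MBFILESIZE="15"         # target size of each file in MB
STORAGEFILE="/var/log/inet-dump/internet-log"
STORAGEGB="95"          # total space the files may use in GB
# Each stored packet also carries a 16-byte pcap record header, so count
# it when working out how many packets fit in one file.
PKTCOUNT=$(( (1024*1024*MBFILESIZE) / (PKTCAPSIZE+16) ))
FILECOUNT=$(( (STORAGEGB*1024) / MBFILESIZE ))
f=-1
while true
do
    # Suffixes run 0..FILECOUNT-1, then wrap and overwrite the oldest file.
    if [ "$f" -ge $((FILECOUNT-1)) ]; then
        f=0
    else
        f=$((f+1))
    fi
    /usr/bin/sudo /usr/sbin/tcpdump -c "$PKTCOUNT" -s "$PKTCAPSIZE" \
        -w "$STORAGEFILE$f" -i "$EXT_IF"
done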


p.s. Why are C and sh syntax not closer than they are

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
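
One way to do the filesystem monitoring the post mentions, as an added example that is not part of the original message: number the capture files without wrapping and remove the oldest ones only when the set exceeds a byte budget, so runs of small packets no longer cause early overwrites. The function names and the budget argument are hypothetical; file names are assumed to be a fixed prefix plus a number, as in the script above.

```shell
#!/bin/sh
# Added example (not from the original post); names are hypothetical.

# capture_bytes PREFIX
# Print the total size in bytes of all files named PREFIX<number>.
capture_bytes() {
    total=0
    for file in "$1"[0-9]*; do
        [ -f "$file" ] || continue      # glob matched nothing
        size=$(wc -c < "$file")
        total=$((total + size))
    done
    echo "$total"
}

# prune_captures PREFIX MAX_BYTES
# Remove the oldest capture files (by mtime) until the set fits within
# MAX_BYTES. The newest file is never removed, because tcpdump may still
# be writing it. Prints the number of files removed.
prune_captures() {
    prefix=$1
    max=$2
    removed=0
    # ls -tr lists oldest first and sed '$d' drops the newest entry.
    # Parsing ls is acceptable here only because the names are our own
    # (fixed prefix plus digits, no whitespace).
    for file in $(ls -tr "$prefix"[0-9]* 2>/dev/null | sed '$d'); do
        [ "$(capture_bytes "$prefix")" -le "$max" ] && break
        rm -f -- "$file" && removed=$((removed + 1))
    done
    echo "$removed"
}

# Possible use inside the capture loop, before each tcpdump run, with f
# incremented forever instead of wrapping:
#   prune_captures "$STORAGEFILE" $((STORAGEGB*1024*1024*1024)) >/dev/null
```

The budget should sit below the filesystem size by at least one file's worth, since the file being written is not counted until it has grown.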
