I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating.
~/captures$ ls -ltr total 3297540 -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py -rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap -rw------- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out -rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap -rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap -rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap -rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap -rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap -rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap -rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap You can also see how the process is still running: $ sudo ps -ef | grep netsniff [sudo] password for n3tus3r: root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18 root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18 n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff On Thu, Aug 6, 2015 at 11:41 AM, Stefano Pirrello <[email protected]> wrote: > Hi Vadim, > > Thanks for responding so quickly. The problem appears about after an hour > of running. It will work a few times but the process seems to hang up. > > Here are the logs from nohup.out. > > cat nohup.out > Can't set nice val to -20! > Running! Hang up with ^C! > > > > Running! Hang up with ^C! > > > > Running! Hang up with ^C! > > > > Running! Hang up with ^C! > > On Thu, Aug 6, 2015 at 11:21 AM, Vadim Kochan <[email protected]> wrote: > >> On Thu, Aug 06, 2015 at 08:52:09AM -0400, Stefano Pirrello wrote: >> > Hi, >> > >> > I'm trying to use netsniff-ng to run packet captures and save the pcaps >> > with either a timed interval or with a file size for long term packet >> > analysis. Either way I try the process appears to be hanging or >> freezing >> > up as the captures won't continue to roll over into a new file. It >> works >> > for a duration but will then fail. Any ideas on how to achieve this? >> > >> > Here's the way I launch netsniff-ng: >> > >> > sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval >> 15min -s >> > -H -f "net 10.17.192.0/18" & >> > >> > System info: >> > Ubuntu 14.04.2 LTS >> > >> > $sudo netsniff-ng -v >> > >> > netsniff-ng 0.5.9+ (Cilonen), Git id: v0.5.9-1-g75162e7 >> > the packet sniffing beast >> > http://www.netsniff-ng.org >> > >> > -- >> > You received this message because you are subscribed to the Google >> Groups "netsniff-ng" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> Hi, >> >> I tried to test if at least 2 pcaps will be appeared in 1m-2m >> intervals, and they appeared and I watched them by: >> >> $ ls -hl >> >> and I checked that their sizes are changing and new files appeared. >> >> Would you please provide some logs from nohup ? >> >> It should generate some output from netsniff-ng to nohup.out file. >> >> If I understood correctly you said that netsniff-ng hanged after 1st 15 >> min ? >> >> Would you try it on different netsniff-ng versions ? >> >> Doesit work if do not use nohup and only in foreground mode ? >> >> Regards, >> Vadim Kochan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "netsniff-ng" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
