On Thu, Aug 06, 2015 at 06:01:36PM -0400, Stefano Pirrello wrote:
> I took another look at my server and saw the process is hung up again. See
> below on how many captures were successful but eventually they stopped
> generating.
>
> ~/captures$ ls -ltr
> total 3297540
> -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py
> -rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap
> -rw------- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out
> -rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap
> -rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap
> -rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap
> -rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap
> -rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap
> -rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap
> -rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap
>
>
> You can also see how the process is still running:
>
> $ sudo ps -ef | grep netsniff
> [sudo] password for n3tus3r:
> root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in
> bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0
> --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff
>
>
> On Thu, Aug 6, 2015 at 11:41 AM, Stefano Pirrello <[email protected]>
> wrote:
>
> > Hi Vadim,
> >
> > Thanks for responding so quickly. The problem appears about after an hour
> > of running. It will work a few times but the process seems to hang up.
> >
> > Here are the logs from nohup.out.
> >
> > cat nohup.out
> > Can't set nice val to -20!
> > Running! Hang up with ^C!
> >
> >
> >
> > Running! Hang up with ^C!
> >
> >
> >
> > Running! Hang up with ^C!
> >
> >
> >
> > Running! Hang up with ^C!
> >
> > On Thu, Aug 6, 2015 at 11:21 AM, Vadim Kochan <[email protected]> wrote:
> >
> >> On Thu, Aug 06, 2015 at 08:52:09AM -0400, Stefano Pirrello wrote:
> >> > Hi,
> >> >
> >> > I'm trying to use netsniff-ng to run packet captures and save the pcaps
> >> > with either a timed interval or with a file size for long term packet
> >> > analysis. Either way I try the process appears to be hanging or
> >> freezing
> >> > up as the captures won't continue to roll over into a new file. It
> >> works
> >> > for a duration but will then fail. Any ideas on how to achieve this?
> >> >
> >> > Here's the way I launch netsniff-ng:
> >> >
> >> > sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval
> >> 15min -s
> >> > -H -f "net 10.17.192.0/18" &
> >> >
> >> > System info:
> >> > Ubuntu 14.04.2 LTS
> >> >
> >> > $sudo netsniff-ng -v
> >> >
> >> > netsniff-ng 0.5.9+ (Cilonen), Git id: v0.5.9-1-g75162e7
> >> > the packet sniffing beast
> >> > http://www.netsniff-ng.org
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> Groups "netsniff-ng" group.
> >> > To unsubscribe from this group and stop receiving emails from it, send
> >> an email to [email protected].
> >> > For more options, visit https://groups.google.com/d/optout.
> >>
> >> Hi,
> >>
> >> I tried to test if at least 2 pcaps will be appeared in 1m-2m
> >> intervals, and they appeared and I watched them by:
> >>
> >> $ ls -hl
> >>
> >> and I checked that their sizes are changing and new files appeared.
> >>
> >> Would you please provide some logs from nohup ?
> >>
> >> It should generate some output from netsniff-ng to nohup.out file.
> >>
> >> If I understood correctly you said that netsniff-ng hanged after 1st 15
> >> min ?
> >>
> >> Would you try it on different netsniff-ng versions ?
> >>
> >> Doesit work if do not use nohup and only in foreground mode ?
> >>
> >> Regards,
> >> Vadim Kochan
> >>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "netsniff-ng" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an
> >> email to [email protected].
> >> For more options, visit https://groups.google.com/d/optout.
> >>
> >
> >
>
> --
> You received this message because you are subscribed to the Google Groups
> "netsniff-ng" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
May be it can help if to print:
$ cat /proc/<pid_of_netsniff-ng>/wchan
?
--
You received this message because you are subscribed to the Google Groups
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
