Simply because netsniff-ng does not support custom date-time format for pcap file name.
But as I said we can extend it in the similar way like tcpdump does. On Fri, Feb 19, 2016 at 8:56 AM, and <andri...@gmail.com> wrote: > Sorry, I am beginner, so i am not sure about how to use "strftime". > One strange thing, i can't understand: for tcpdump works comand I early > wrote and it gives results that i expect: > > tcpdump -i ethx -w /destination/tcpd_'%Y%m%d_%H%M'.pcap -n -G 3600 > > (enough to use quotes) But for netsniff-ng that doesn't work and I can't get > why? > > 2016 m. vasaris 19 d., penktadienis 01:36:41 UTC+2, Vadim Kochan rašė: >> >> Hm, well we can do similary like tcpdump does - try to strftime output >> pcap file name if -F is specified. >> >> Lets see what Tobias or Daniel may suggest. >> >> Regards, >> Vadim Kochan >> >> On Thu, Feb 18, 2016 at 10:51 PM, and <andr...@gmail.com> wrote: >> > Yes, sort of that: i need that every pcap file get name, which should >> > consist from date and time, when that file created. >> > For example, with comand: >> > netsniff-ng -i ethx -o /destination/"$(date +'%Y%m%d_%H%M')".pcap -s -F >> > 1hrs >> > >> > I expect to get (hourly) multiple files like: >> > >> > /destination/20160218_2015.pcap >> > /destination/20160218_2115.pcap >> > /destination/20160218_2215.pcap >> > ... >> > >> > But i don't :( >> > >> > 2016 m. vasaris 18 d., ketvirtadienis 16:49:04 UTC+2, Vadim Kochan rašė: >> >> >> >> On Thu, Feb 18, 2016 at 2:13 PM, Andrius X <andr...@gmail.com> wrote: >> >> > Thank you for fast respond. >> >> > Sorry, I experimented a lot, but posted just part of information. >> >> > >> >> > Explanations: >> >> > My goal is capture "endless" traffic and save it to pcaps. As it is >> >> > endless >> >> > traffic, I want to have multiple pcaps (for example, minutely or >> >> > hourly >> >> > saved). >> >> > >> >> > Yes you right "$(date +'%Y%m%d_%H%M')" works, however netsniff with >> >> > it >> >> > don't >> >> > create multiple files with -F: >> >> > >> >> > sudo netsniff-ng -i ethx -o /destination/"$(date >> >> > +'%Y%m%d_%H%M')".pcap >> >> > -s -F >> >> > 10s >> >> > >> >> > ....just one file, or multiple files (with prefix option) but without >> >> > changing time variable: >> >> > >> >> > sudo netsniff-ng -i ethx -o /destination/ -P "$(date >> >> > +'%Y%m%d_%H%M')"_ >> >> > -s -F >> >> > 10s >> >> > >> >> > >> >> > >> >> > >> >> > For tcpdump works: >> >> > tcpdump -i ethx -w /destination/tcpd_'%Y%m%d_%H%M'.pcap -n -G 3600 >> >> > >> >> > >> >> > >> >> > 2016 m. vasaris 18 d., ketvirtadienis 12:58:10 UTC+2, Vadim Kochan >> >> > rašė: >> >> >> >> >> >> Hi, >> >> >> >> >> >> On Wed, Feb 17, 2016 at 9:55 AM, <andr...@gmail.com> wrote: >> >> >> > Hi everyone, >> >> >> > >> >> >> > I have a questions about netsniff-ng and maybe you could help me: >> >> >> > is there any possibility to format output file name by date & >> >> >> > time? >> >> >> > >> >> >> > I tried, but didn't work: >> >> >> > >> >> >> > netsniff-ng -i ethx -o /destination/"$(date +'%Y%m%d_%H%M')".pcap >> >> >> > >> >> >> > (I use netsniff-ng 0.5.7) >> >> >> > >> >> >> > PS. for tcpdump it works. >> >> >> > >> >> >> > Thanks. >> >> >> > >> >> >> > Best regards, >> >> >> > and >> >> >> > >> >> >> > -- >> >> >> > You received this message because you are subscribed to the Google >> >> >> > Groups "netsniff-ng" group. >> >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> >> > send >> >> >> > an email to netsniff-ng...@googlegroups.com. >> >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> >> I just tried it on Debian (in VBox) : >> >> >> >> >> >> sudo netsniff-ng/netsniff-ng -i enp0s3 -o /tmp/"$(date >> >> >> +'%Y%m%d_%H%M')".pcap -n 100 >> >> >> >> >> >> And I got the pcap file under /tmp: >> >> >> >> >> >> /tmp/20160218_1251.pcap >> >> >> >> >> >> May be I did not understand your problem ? >> >> >> >> >> >> Regards, >> >> >> Vadim Kochan >> >> > >> >> > -- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "netsniff-ng" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to netsniff-ng...@googlegroups.com. >> >> > For more options, visit https://groups.google.com/d/optout. >> >> >> >> As I understand the problem - you can't specify custom date format via >> >> command line ? >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups >> > "netsniff-ng" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to netsniff-ng...@googlegroups.com. >> > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "netsniff-ng" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to netsniff-ng+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
