[netsniff-ng] Using a time-based interval in netsniff-ng crashes at the end of the first interval
I built netsniff-ng 0.5.8-rc2 from git just last night on a 64bit Ubuntu 12.04.2 LTS box. When I specify a time-based interval, netsniff-ng records for the full interval but then crashes with a Poll failed! error before starting a 2nd pcap file. Like this: root@server:~# netsniff-ng --in eth1 --out dump -s --interval 30s Running! Hang up with ^C! Poll failed! root@server:~# ll dump total 152064 drwxr-xr-x 2 root root 4096 Aug 16 10:27 ./ drwx-- 57 root root 12288 Aug 16 10:26 ../ -rw-r--r-- 1 root root 155690405 Aug 16 10:27 dump-1376663235.pcap This does not occur with a traffic volume interval like --interval 1MiB I googled about for netsniff-ng and Poll failed! but it appears this may have cropped up recently, since nothing turned up in my digging. Kevin -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [netsniff-ng] Re: Can netsniff-ng create pcap file by size
Thanks for the answers. I tried to limit the pcap file size to 100MB by setting the option to be --interval 100MiB, however, I saw most of the pcap files were created at the size around 170MB to 200MB. Is this the expected behavior? Thanks, Allen On Mon, Aug 12, 2013 at 10:58 AM, Daniel Borkmann borkm...@iogearbox.netwrote: On 08/12/2013 04:55 PM, allent...@gmail.com wrote: [...] (From the document https://help.ubuntu.com/**community/Netsniff-NGhttps://help.ubuntu.com/community/Netsniff-NG ) Is the following command still valid? Yep, it is. Drop privileges to uid 1000 and write a new capture file to the current directory after every 10GB of traffic. netsniff-ng --in eth0 --out . --interval 10GiB --user 1000 --group 1000 -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscribe@**googlegroups.comnetsniff-ng%2bunsubscr...@googlegroups.com . For more options, visit https://groups.google.com/**groups/opt_outhttps://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [netsniff-ng] Using a time-based interval in netsniff-ng crashes at the end of the first interval
On 08/16/2013 04:48 PM, branchnetconsult...@gmail.com wrote: I built netsniff-ng 0.5.8-rc2 from git just last night on a 64bit Ubuntu 12.04.2 LTS box. When I specify a time-based interval, netsniff-ng records for the full interval but then crashes with a Poll failed! error before starting a 2nd pcap file. Like this: root@server:~# netsniff-ng --in eth1 --out dump -s --interval 30s Running! Hang up with ^C! Poll failed! root@server:~# ll dump total 152064 drwxr-xr-x 2 root root 4096 Aug 16 10:27 ./ drwx-- 57 root root 12288 Aug 16 10:26 ../ -rw-r--r-- 1 root root 155690405 Aug 16 10:27 dump-1376663235.pcap This does not occur with a traffic volume interval like --interval 1MiB I googled about for netsniff-ng and Poll failed! but it appears this may have cropped up recently, since nothing turned up in my digging. Thanks for reporting! I've just pushed a fix upstream to the Git repository. Could you test it on your side? Kevin -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [netsniff-ng] Re: Can netsniff-ng create pcap file by size
On 08/16/2013 09:54 PM, Allen Ting wrote: Thanks for the answers. I tried to limit the pcap file size to 100MB by setting the option to be --interval 100MiB, however, I saw most of the pcap files were created at the size around 170MB to 200MB. Is this the expected behavior? Is this reproducible with the latest netsniff-ng version from Git? I remember there was an issue with TPACKET_V3 as accounting seems to be an issue there that we recently fixed. -- You received this message because you are subscribed to the Google Groups netsniff-ng group. To unsubscribe from this group and stop receiving emails from it, send an email to netsniff-ng+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.