Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals
On 08/07/2015 12:01 AM, Stefano Pirrello wrote:
> I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating.
>
> ~/captures$ ls -ltr
> total 3297540
> -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py
> -rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap
> -rw--- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out
> -rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap
> -rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap
> -rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap
> -rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap
> -rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap
> -rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap
> -rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap
>
> You can also see how the process is still running:
>
> $ sudo ps -ef | grep netsniff
> [sudo] password for n3tus3r:
> root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff

Hmm, is there any additional debugging information where it could be hung? Would strace give any details?
Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals
I'll run additional tests today with strace and will share the output.

On Fri, Aug 7, 2015 at 5:12 AM Daniel Borkmann borkm...@iogearbox.net wrote:
> On 08/07/2015 12:01 AM, Stefano Pirrello wrote:
> > I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating.
> >
> > ~/captures$ ls -ltr
> > total 3297540
> > -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py
> > -rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap
> > -rw--- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out
> > -rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap
> > -rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap
> > -rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap
> > -rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap
> > -rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap
> > -rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap
> > -rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap
> >
> > You can also see how the process is still running:
> >
> > $ sudo ps -ef | grep netsniff
> > [sudo] password for n3tus3r:
> > root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> > root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> > n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff
>
> Hmm, is there any additional debugging information where it could be hung? Would strace give any details?
Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals
I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating.

~/captures$ ls -ltr
total 3297540
-rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py
-rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap
-rw--- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out
-rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap
-rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap
-rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap
-rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap
-rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap
-rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap
-rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap

You can also see how the process is still running:

$ sudo ps -ef | grep netsniff
[sudo] password for n3tus3r:
root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff

On Thu, Aug 6, 2015 at 11:41 AM, Stefano Pirrello spirre...@gmail.com wrote:
> Hi Vadim,
>
> Thanks for responding so quickly. The problem appears about after an hour of running. It will work a few times but the process seems to hang up. Here are the logs from nohup.out.
>
> cat nohup.out
> Can't set nice val to -20!
> Running! Hang up with ^C!
> Running! Hang up with ^C!
> Running! Hang up with ^C!
> Running! Hang up with ^C!
>
> On Thu, Aug 6, 2015 at 11:21 AM, Vadim Kochan vadi...@gmail.com wrote:
> > On Thu, Aug 06, 2015 at 08:52:09AM -0400, Stefano Pirrello wrote:
> > > Hi,
> > >
> > > I'm trying to use netsniff-ng to run packet captures and save the pcaps with either a timed interval or with a file size for long term packet analysis. Either way I try the process appears to be hanging or freezing up as the captures won't continue to roll over into a new file. It works for a duration but will then fail. Any ideas on how to achieve this?
> > >
> > > Here's the way I launch netsniff-ng:
> > >
> > > sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.17.192.0/18
> > >
> > > System info: Ubuntu 14.04.2 LTS
> > >
> > > $ sudo netsniff-ng -v
> > > netsniff-ng 0.5.9+ (Cilonen), Git id: v0.5.9-1-g75162e7
> > > the packet sniffing beast
> > > http://www.netsniff-ng.org
> >
> > Hi,
> >
> > I tried to test if at least 2 pcaps will be appeared in 1m-2m intervals, and they appeared and I watched them by:
> >
> > $ ls -hl
> >
> > and I checked that their sizes are changing and new files appeared.
> >
> > Would you please provide some logs from nohup ? It should generate some output from netsniff-ng to nohup.out file.
> >
> > If I understood correctly you said that netsniff-ng hanged after 1st 15 min ?
> >
> > Would you try it on different netsniff-ng versions ? Does it work if do not use nohup and only in foreground mode ?
> >
> > Regards,
> > Vadim Kochan
Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals
On Thu, Aug 06, 2015 at 06:01:36PM -0400, Stefano Pirrello wrote:
> I took another look at my server and saw the process is hung up again. See below on how many captures were successful but eventually they stopped generating.
>
> ~/captures$ ls -ltr
> total 3297540
> -rwxr--r-- 1 n3tus3r n3tus3r 6225 Aug 3 23:06 acloudshark-upload.py
> -rw-r--r-- 1 root root 151763085 Aug 6 11:59 NOR-1438829948.pcap
> -rw--- 1 n3tus3r n3tus3r 170 Aug 6 12:00 nohup.out
> -rw-r--r-- 1 root root 614790736 Aug 6 12:15 NOR-1438876806.pcap
> -rw-r--r-- 1 root root 531106907 Aug 6 12:30 NOR-1438877706.pcap
> -rw-r--r-- 1 root root 469131877 Aug 6 12:45 NOR-1438878606.pcap
> -rw-r--r-- 1 root root 447301234 Aug 6 13:00 NOR-1438879506.pcap
> -rw-r--r-- 1 root root 536482188 Aug 6 13:15 NOR-1438880406.pcap
> -rw-r--r-- 1 root root 502705750 Aug 6 13:30 NOR-1438881306.pcap
> -rw-r--r-- 1 root root 123361242 Aug 6 13:33 NOR-1438882206.pcap
>
> You can also see how the process is still running:
>
> $ sudo ps -ef | grep netsniff
> [sudo] password for n3tus3r:
> root 885 618 0 12:00 pts/0 00:00:00 sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> root 886 885 22 12:00 pts/0 01:22:08 netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.10.192.0/18
> n3tus3r 1326 1297 0 18:00 pts/1 00:00:00 grep --color=auto netsniff
>
> On Thu, Aug 6, 2015 at 11:41 AM, Stefano Pirrello spirre...@gmail.com wrote:
> > Hi Vadim,
> >
> > Thanks for responding so quickly. The problem appears about after an hour of running. It will work a few times but the process seems to hang up. Here are the logs from nohup.out.
> >
> > cat nohup.out
> > Can't set nice val to -20!
> > Running! Hang up with ^C!
> > Running! Hang up with ^C!
> > Running! Hang up with ^C!
> > Running! Hang up with ^C!
> >
> > On Thu, Aug 6, 2015 at 11:21 AM, Vadim Kochan vadi...@gmail.com wrote:
> > > On Thu, Aug 06, 2015 at 08:52:09AM -0400, Stefano Pirrello wrote:
> > > > Hi,
> > > >
> > > > I'm trying to use netsniff-ng to run packet captures and save the pcaps with either a timed interval or with a file size for long term packet analysis. Either way I try the process appears to be hanging or freezing up as the captures won't continue to roll over into a new file. It works for a duration but will then fail. Any ideas on how to achieve this?
> > > >
> > > > Here's the way I launch netsniff-ng:
> > > >
> > > > sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.17.192.0/18
> > > >
> > > > System info: Ubuntu 14.04.2 LTS
> > > >
> > > > $ sudo netsniff-ng -v
> > > > netsniff-ng 0.5.9+ (Cilonen), Git id: v0.5.9-1-g75162e7
> > > > the packet sniffing beast
> > > > http://www.netsniff-ng.org
> > >
> > > Hi,
> > >
> > > I tried to test if at least 2 pcaps will be appeared in 1m-2m intervals, and they appeared and I watched them by:
> > >
> > > $ ls -hl
> > >
> > > and I checked that their sizes are changing and new files appeared.
> > >
> > > Would you please provide some logs from nohup ? It should generate some output from netsniff-ng to nohup.out file.
> > >
> > > If I understood correctly you said that netsniff-ng hanged after 1st 15 min ?
> > >
> > > Would you try it on different netsniff-ng versions ? Does it work if do not use nohup and only in foreground mode ?
> > >
> > > Regards,
> > > Vadim Kochan

Maybe it can help to print:

$ cat /proc/pid_of_netsniff-ng/wchan

?
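The symptom reported in this thread (the process still listed by ps while the newest pcap stopped growing hours earlier) can be caught by a small watchdog. This is an added example, not part of any message in the thread and not netsniff-ng code; the function names are hypothetical, and it assumes GNU stat and Linux /proc. It also records the process state and the wchan value suggested above.

```shell
#!/bin/sh
# Added example: watchdog for interval captures written as <prefix>*.pcap.
# Assumes GNU stat and Linux /proc; directory, prefix and threshold are the caller's.

# Print the most recently modified <prefix>*.pcap in a directory (or nothing).
newest_capture() {  # $1=dir $2=prefix
    newest='' newest_m=-1
    for f in "$1"/"$2"*.pcap; do
        [ -e "$f" ] || continue
        m=$(stat -c %Y "$f") || continue
        if [ "$m" -gt "$newest_m" ]; then newest=$f; newest_m=$m; fi
    done
    printf '%s' "$newest"
}

# True if the PID exists, even when it is owned by root and we are not.
pid_alive() { kill -0 "$1" 2>/dev/null || [ -d "/proc/$1" ]; }

# Print ok | stalled | dead | no-capture.
# "stalled" is the state from the thread: process alive, newest file idle.
capture_status() {  # $1=dir $2=prefix $3=max idle secs $4=pid $5=now (epoch)
    if ! pid_alive "$4"; then echo dead; return 0; fi
    f=$(newest_capture "$1" "$2")
    if [ -z "$f" ]; then echo no-capture; return 0; fi
    idle=$(( $5 - $(stat -c %Y "$f") ))
    if [ "$idle" -gt "$3" ]; then echo stalled; else echo ok; fi
}

# Scheduler state and kernel wait channel of a PID, to attach to a bug report.
wait_info() {  # $1=pid
    state=$(sed -n 's/^State:[[:space:]]*//p' "/proc/$1/status" 2>/dev/null) || true
    wchan=$(cat "/proc/$1/wchan" 2>/dev/null) || true
    printf 'state=%s wchan=%s\n' "${state:-unknown}" "${wchan:-unknown}"
}

# Usage: watchdog.sh DIR PREFIX MAX_IDLE_SECS PID   (exit status 1 unless ok)
if [ "$#" -eq 4 ]; then
    st=$(capture_status "$1" "$2" "$3" "$4" "$(date +%s)")
    echo "$(date -u +%FT%TZ) pid=$4 status=$st $(wait_info "$4")"
    [ "$st" = ok ]
fi
```

Run it from cron with a threshold somewhat above the `--interval` value; a non-ok status is the moment to collect strace and wchan output before restarting the capture.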
Re: [netsniff-ng] Netsniff-ng Packet Capture with Intervals
On Thu, Aug 06, 2015 at 08:52:09AM -0400, Stefano Pirrello wrote:
> Hi,
>
> I'm trying to use netsniff-ng to run packet captures and save the pcaps with either a timed interval or with a file size for long term packet analysis. Either way I try the process appears to be hanging or freezing up as the captures won't continue to roll over into a new file. It works for a duration but will then fail. Any ideas on how to achieve this?
>
> Here's the way I launch netsniff-ng:
>
> sudo nohup netsniff-ng --in bond0 --out . --prefix NOR- --interval 15min -s -H -f net 10.17.192.0/18
>
> System info: Ubuntu 14.04.2 LTS
>
> $ sudo netsniff-ng -v
> netsniff-ng 0.5.9+ (Cilonen), Git id: v0.5.9-1-g75162e7
> the packet sniffing beast
> http://www.netsniff-ng.org

Hi,

I tried to test if at least 2 pcaps will be appeared in 1m-2m intervals, and they appeared and I watched them by:

$ ls -hl

and I checked that their sizes are changing and new files appeared.

Would you please provide some logs from nohup ? It should generate some output from netsniff-ng to nohup.out file.

If I understood correctly you said that netsniff-ng hanged after 1st 15 min ?

Would you try it on different netsniff-ng versions ? Does it work if do not use nohup and only in foreground mode ?

Regards,
Vadim Kochan