Re: [netsniff-ng] netsniff-ng output file name by date

2016-02-19 Thread Daniel Borkmann

On 02/19/2016 10:10 AM, Vadim Kochan wrote:
> Simply because netsniff-ng does not support a custom date-time format
> for the pcap file name.
>
> But as I said, we can extend it in a similar way to what tcpdump does.

Agreed, that might be useful.

Thanks,
Daniel

--
You received this message because you are subscribed to the Google Groups 
"netsniff-ng" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to netsniff-ng+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
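
The behaviour discussed in this thread, as an added example that is not part of any message and is not netsniff-ng or tcpdump code: a name the shell has already expanded with `$(date ...)` contains no conversions and so never changes between capture intervals, while a `strftime()` template is re-expanded at every rotation. The function names `rotated_name` and `names_rotate` are hypothetical, the start timestamp is constructed, and UTC is used so the output is reproducible.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Expand a strftime() template into the file name for the capture interval
 * starting at `when`. UTC is used so the sample output is reproducible.
 * Returns 0 on success, -1 if the name is empty or does not fit in `out`. */
int rotated_name(const char *tmpl, time_t when, char *out, size_t len)
{
    struct tm *tm = gmtime(&when);

    if (len == 0)
        return -1;
    /* strftime() returns 0 when the result does not fit; out is then unusable */
    if (!tm || strftime(out, len, tmpl, tm) == 0) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* 1 if two consecutive intervals get different names, 0 if the second
 * interval would reuse the first name, -1 on expansion failure. */
int names_rotate(const char *tmpl, time_t start, long interval_sec)
{
    char a[256], b[256];

    if (rotated_name(tmpl, start, a, sizeof(a)) ||
        rotated_name(tmpl, start + interval_sec, b, sizeof(b)))
        return -1;
    return strcmp(a, b) != 0;
}

int main(void)
{
    time_t start = 1455826500; /* constructed: 2016-02-18 20:15:00 UTC */
    char name[256];

    for (int i = 0; i < 3; i++)
        if (rotated_name("/destination/%Y%m%d_%H%M.pcap",
                         start + i * 3600L, name, sizeof(name)) == 0)
            puts(name);
    /* What the tool receives after the shell has run $(date ...) once */
    printf("pre-expanded name rotates: %d\n",
           names_rotate("/destination/20160218_2015.pcap", start, 3600));
    /* Minute-resolution template combined with a 10 s interval */
    printf("%%H%%M template at 10s rotates: %d\n",
           names_rotate("/destination/%Y%m%d_%H%M.pcap", start, 10));
    return 0;
}
```

The last check shows a case worth testing before a long capture: a template with minute resolution and a 10-second interval yields the same name for consecutive intervals, so the template needs `%S` as well.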


Re: [netsniff-ng] netsniff-ng output file name by date

2016-02-19 Thread Vadim Kochan
Simply because netsniff-ng does not support a custom date-time format
for the pcap file name.

But as I said, we can extend it in a similar way to what tcpdump does.

On Fri, Feb 19, 2016 at 8:56 AM, and  wrote:
> Sorry, I am a beginner, so I am not sure how to use "strftime".
> One strange thing I can't understand: for tcpdump, the command I wrote
> earlier works and gives the results that I expect:
>
> tcpdump -i ethx -w /destination/tcpd_'%Y%m%d_%H%M'.pcap -n -G 3600
>
> (it is enough to use quotes). But for netsniff-ng that doesn't work, and I
> can't understand why.
>
> On Friday, February 19, 2016 at 01:36:41 UTC+2, Vadim Kochan wrote:
>>
>> Hm, well, we can do something similar to what tcpdump does: try to strftime
>> the output pcap file name if -F is specified.
>>
>> Let's see what Tobias or Daniel may suggest.
>>
>> Regards,
>> Vadim Kochan
>>
>> On Thu, Feb 18, 2016 at 10:51 PM, and  wrote:
>> > Yes, sort of: I need every pcap file to get a name that consists of
>> > the date and time when that file was created.
>> > For example, with the command:
>> > netsniff-ng -i ethx -o /destination/"$(date +'%Y%m%d_%H%M')".pcap -s -F 1hrs
>> >
>> > I expect to get multiple (hourly) files like:
>> >
>> > /destination/20160218_2015.pcap
>> > /destination/20160218_2115.pcap
>> > /destination/20160218_2215.pcap
>> > ...
>> >
>> > But I don't :(
>> >
>> > On Thursday, February 18, 2016 at 16:49:04 UTC+2, Vadim Kochan wrote:
>> >>
>> >> On Thu, Feb 18, 2016 at 2:13 PM, Andrius X  wrote:
>> >> > Thank you for the fast response.
>> >> > Sorry, I experimented a lot, but posted just part of the information.
>> >> >
>> >> > Explanations:
>> >> > My goal is to capture "endless" traffic and save it to pcaps. As it is
>> >> > endless traffic, I want to have multiple pcaps (for example, saved
>> >> > minutely or hourly).
>> >> >
>> >> > Yes, you are right, "$(date +'%Y%m%d_%H%M')" works; however, netsniff
>> >> > with it doesn't create multiple files with -F:
>> >> >
>> >> > sudo netsniff-ng -i ethx -o /destination/"$(date +'%Y%m%d_%H%M')".pcap -s -F 10s
>> >> >
>> >> > just one file, or multiple files (with the prefix option) but without
>> >> > the time variable changing:
>> >> >
>> >> > sudo netsniff-ng -i ethx -o /destination/ -P "$(date +'%Y%m%d_%H%M')"_ -s -F 10s
>> >> >
>> >> > For tcpdump this works:
>> >> > tcpdump -i ethx -w /destination/tcpd_'%Y%m%d_%H%M'.pcap -n -G 3600
>> >> >
>> >> > On Thursday, February 18, 2016 at 12:58:10 UTC+2, Vadim Kochan wrote:
>> >> >>
>> >> >> Hi,
>> >> >>
>> >> >> On Wed, Feb 17, 2016 at 9:55 AM,   wrote:
>> >> >> > Hi everyone,
>> >> >> >
>> >> >> > I have a question about netsniff-ng and maybe you could help me:
>> >> >> > is there any possibility to format the output file name by date &
>> >> >> > time?
>> >> >> >
>> >> >> > I tried, but it didn't work:
>> >> >> >
>> >> >> > netsniff-ng -i ethx -o /destination/"$(date +'%Y%m%d_%H%M')".pcap
>> >> >> >
>> >> >> > (I use netsniff-ng 0.5.7)
>> >> >> >
>> >> >> > PS. for tcpdump it works.
>> >> >> >
>> >> >> > Thanks.
>> >> >> >
>> >> >> > Best regards,
>> >> >> > and
>> >> >>
>> >> >> I just tried it on Debian (in VBox):
>> >> >>
>> >> >> sudo netsniff-ng/netsniff-ng -i enp0s3 -o /tmp/"$(date +'%Y%m%d_%H%M')".pcap -n 100
>> >> >>
>> >> >> And I got the pcap file under /tmp:
>> >> >>
>> >> >> /tmp/20160218_1251.pcap
>> >> >>
>> >> >> Maybe I did not understand your problem?
>> >> >>
>> >> >> Regards,
>> >> >> Vadim Kochan
>> >>
>> >> As I understand the problem, you can't specify a custom date format via
>> >> the command line?

Re: [netsniff-ng] netsniff-ng output file name by date

2016-02-19 Thread and
Sorry, I am a beginner, so I am not sure how to use "strftime".
One strange thing I can't understand: for tcpdump, the command I wrote
earlier works and gives the results that I expect:

tcpdump -i ethx -w /destination/tcpd_'%Y%m%d_%H%M'.pcap -n -G 3600

(it is enough to use quotes). But for netsniff-ng that doesn't work, and I
can't understand why.
