Ethereal-users: Re: [Ethereal-users] Is ethereal schedulable ?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Fri, 22 Dec 2000 13:38:23 -0800
On Fri, Dec 22, 2000 at 11:39:01AM -0800, Jae Kim wrote:
> Hi, I am newbie to ethereal.
> I was wondering if ethereal could be scheduled to do the batch of tasks.
> For example, if I set it to start capturing packets every morning at 8 AM
> till 5 PM and save it to the file.
> Is this possible with ethereal ?

It *might* be possible with Tethereal, at least on some platforms, but
it's not possible with Tethereal by itself.

At least on a UNIX system, you could use "cron" to start running
Tethereal (you want Tethereal, not Ethereal, for an automated task such
as this) at approximately 8AM (you could create a cron job to start it
at 8AM, but there's no guarantee that the capture would start *exactly*
at 8AM, as it'd take some time for "cron" to start running Tethereal,
and some time for Tethereal to start up.

To stop the capture, you'd have to somehow arrange to save the process
ID of the Tethereal process to a file - for example, have the cron job
not run Tethereal directly, but run a script such as

	tethereal -i fxp0 -w /usr/jaekim/capture-file.pcap &
	echo $! >/usr/jaekim/tethereal.pid

which would run "tethereal", capturing from the "fxp0" network
interface, and writing to the file "/usr/jaekim/capture-file.pcap", in
the background, and would then write the process ID of the most recently
started background process - i.e., the Tethereal process - to the file
"/usr/jaekim/tethereal.pid".

You would then have *another* cron job that, at 5PM, did

	kill -INT `cat /usr/jaekim/tethereal.pid`

which means it'll send a SIGINT signal - which is the signal that a ^C
from the keyboard sends - to the process whose process ID is in the file
"/usr/jaekim/tethereal.pid", i.e. to the Tethereal process.  Tethereal
catches the SIGINT signal, and closes the capture file and exits.

If you're running Windows, it may or may not be possible; there's an
"AT" service on Windows NT that might be able to run programs at
particular times, but I don't know whether there's any way to do the
equivalent of the

	kill -INT `cat /usr/jaekim/tethereal.pid`

to make Tethereal think somebody typed ^C at it.