Actually, if you
send tethereal a HUP signal, it will write out whatever it has captured and then
exit. You could set up a cron or at job to stop tethereal at a particular
time.
If you're real
perl savvy, you could even set up something that would fork a child, start
tethereal, report the PID of the tethereal process back to the parent, make the
parent sleep for XXX seconds, then have the parent 'kill -HUP' on
tethereal. The child would then terminate on its own, and the parent could
do whatever and/or terminate.
You'd want to see
'man perlipc' and look for the section with this in it:
$pid =
open(KID_TO_READ, "-|");
Anything the
child prints to STDOUT can be read by the parent using the KID_TO_READ
filehandle. You don't really need to communicate the other way except to
send the HUP to the tethereal process.
--J
The
"-c" option for tethereal is very useful for me.
Is
there a way to tell tethereal to stop, based on time
rather
than
packet count ?