Ethereal-users: RE: [Ethereal-users] Three big problems

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Alistair.McGlinchy@xxxxxxxxxxxxxxxxxxxxx
Date: Tue, 5 Nov 2002 14:37:37 -0000 
Justin

> > 3)  I need to be able to use at least 1000 files in the ring
> > buffer (although about 60,000 would be much better).  This 
> > one is by far the most important, since if I can get past the 
> > 10 file limitation I can worry about item 1) above and make 
> > do, but with only 10 files in the ring buffer I'm screwed.
> 
> Ethereal doesn't maintain any locks on the other files in the 
> ring buffer. Perhaps you could copy (or even move) the files 
> to your own "ring buffer" directory. Should be a trivial perl 
> script to sleep every 100ms and check for any new files and 
> FIFO data older than 3 days. 

Doh! Guy was right here, ethereal *does* maintain permanent locks on these
files, so you can't shift them away behind Ethereal's back. I'm not sure how
I did this last time. Perhaps I was running Win98 or something weird like
that. 

The big problems with running an eternal trace are possible memory leaks in
t?ethereal, and ensuring you don't miss any packets when starting new files.
So how about using fork (I am blessed with fork via Perl 5.6) and having
have, say, a 5 second cross over period? ... yet another dodgy code snipped
follows :-)

my $filename = $ARGV[0] || "trace";
my $interval = $ARGV[1] || 300; #seconds per trace
my $capinterval = $interval+5; # overlap traces by 5 seconds to ensure we
don't miss anything
my $suffix ="dmp";
$|=1;
while(1) {
	my $start=time;
	my $pid = fork();
	die "fork() failed: $!" unless defined $pid;
	if ($pid) { # Child does the trace
    		$cmd = "tethereal -a duration:$capinterval -w
$filename.$start.$suffix";
    		`$cmd`; exit 
	} 
	sleep $interval;
}


HTH

Alistair


-----------------------------------------------------------------------


Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.

Telephone (020) 7935 4422 
Facsimile (020) 7487 2670

www.marksandspencer.com

Please note that electronic mail may be monitored.

This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful.

The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB.