Chris,
> Given the relatively limited amount of space for /var, and
> that I would like to see what's going on while I'm in the
> office and during the weekends (when I suspect these
> infections to be taking place), I would like to tell ethereal
> to send me an email containing the capture file every time
> that file reaches about 4M or so. Can this be done, and if
> so, could someone point me to the resource or do some 'hand
> holding'?
You can capture only 4M at a time using the filesize option with tethereal:

    tethereal -a filesize:4000 -w trace.cap

To get the STDERR info as well:

    tethereal -a filesize:4000 -w trace.cap > info.txt 2>&1

Write a script to email the response. To do this in Perl see:

    perldoc -q attachment

You want to restart every 4MB, so you need another Perl (or bash) script:

    #!/usr/bin/perl
    use strict;
    use warnings;

    while (1) {
        # system() blocks until the capture script exits
        system('./run_4MBtethereal.sh');
        # Note the & at the end of this system call.
        # You don't want to wait for the email to finish before
        # tethereal is restarted
        system('./email_4MB_file.sh trace.cap info.txt &');
    }

HTH
Alistair
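
An added example, not part of Alistair's message: the capture, restart and email loop described above as a single sh script. It gives each capture a unique file name, so the backgrounded mail job never reads a trace.cap that the restarted tethereal is already rewriting, and it deletes each file once mailed so /var does not fill up. SPOOL, MAX_CYCLES, CAPTURE_CMD, MAIL_CMD, the --run switch and the file naming are assumptions; email_4MB_file.sh is the mailer script the message refers to.

```shell
#!/bin/sh
# Added example: capture in 4MB pieces, mail each piece, delete it afterwards.
# Assumed names (not from the original message): SPOOL, MAX_CYCLES,
# CAPTURE_CMD, MAIL_CMD, the --run switch and the trace-<stamp> file naming.
umask 077                                  # captures hold raw traffic: owner-only
SPOOL=${SPOOL:-/var/tmp/tethereal}         # constructed path
CAPTURE_CMD=${CAPTURE_CMD:-tethereal}
MAIL_CMD=${MAIL_CMD:-./email_4MB_file.sh}  # mailer script named in the message
MAX_CYCLES=${MAX_CYCLES:-0}                # 0 = run until killed

# Run one capture into a uniquely named file and print that file's path.
capture_once() {
    stamp=$(date +%Y%m%d-%H%M%S)-$1
    cap="$SPOOL/trace-$stamp.cap"
    # Same tethereal options as in the message; stderr goes to the .txt file.
    "$CAPTURE_CMD" -a filesize:4000 -w "$cap" > "${cap%.cap}.txt" 2>&1 || return 1
    printf '%s\n' "$cap"
}

# Mail a capture and its info file; delete both only if the mailer succeeded.
mail_and_remove() {
    "$MAIL_CMD" "$1" "${1%.cap}.txt" && rm -f "$1" "${1%.cap}.txt"
}

capture_loop() {
    n=0
    while [ "$MAX_CYCLES" -eq 0 ] || [ "$n" -lt "$MAX_CYCLES" ]; do
        n=$((n + 1))
        # On a failed capture, pause instead of spinning.
        cap=$(capture_once "$n") || { sleep 5; continue; }
        # Background the mail so the next capture starts at once; the unique
        # file name means the restarted capture cannot overwrite this file.
        mail_and_remove "$cap" &
    done
    wait    # let outstanding mail jobs finish
}

if [ "${1:-}" = "--run" ]; then
    mkdir -p "$SPOOL" && capture_loop
fi
```

If the mailer fails, the capture and its info file stay in SPOOL, so a mail outage can still fill the partition; watch its free space.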