Hi
i'm using tethereal
with this command line:
\_ supervise
sonda-tethereal
1872 ?
SN 0:01 | \_ /usr/bin/tethereal -n -q
-w /var/sonda/caps/current/1163502308_cap -a filesize:51200 -b 0:600 -i eth0 ip
proto \tcp and (host ip1 or host ip2 or host ip3 (etc) ) or arp
the problem is that
when there's no packets matching the capture file is wrote with 0
bytes instead of the normal file with 24 bytes and zero
packets.
# dpkg -l
tethereal* libpcap*
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/
Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err:
uppercase=bad)
||/
Name
Version
Description
+++-======================================-======================================-============================================================================================
ii
tethereal
0.10.10-2sarge9
network traffic analyzer (console)
un
libpcap-dev
<none>
(no description available)
un
libpcap-ruby
<none>
(no description available)
un
libpcap-ruby1.6
<none>
(no description available)
ii
libpcap-ruby1.8
0.6-5
libpcap interface for scripting language Ruby 1.8
ii
libpcap0.7
0.7.2-7
System interface for user-level packet capture
un
libpcap0.7-dev
<none>
(no description available)
ii
libpcap0.8
0.8.3-5
System interface for user-level packet capture
pn
libpcap0.8-dev
<none>
(no description available)
#
# uname
-a
Linux pulso-dc-041 2.6.10power-edge-2850-750 #1 SMP Fri Feb 25 10:36:50
WET 2005 i686 GNU/Linux
#
any
ideas?
Tiago
Gomes da Silva Mendo
e-mail: tiago.g.mendo@xxxxxxxxxx
PT
Comunicações/DRI/RTS (Direcção de Risco Técnico e Segurança)
Urbanização Tagus Park Lote 35 Torre 3
Piso 0
2784-549 Porto Salvo
Tel:
+351 21 501 9147