Stop CTRL+C Exiting Local Script Which is Running tcpdump in Remote Machine
I have set up a simple script like the below:
sshpass -p $password ssh -T $username@$ip_address -p 30007 <<- EOF > $save_file.pcap
sh
tcpdump -i eth5.1 -s 0 -n -v -U -w -
EOF
sed -i '1d' $save_file.pcap
The purpose of this script is so that I can run a tcpdump on a remote device, yet save the output into a file on my local machine (the remote device has very limited storage capacity, so this would allow me to obtain much larger captures, as well as, of course, allowing me to set up captures on demand much more quickly).
The purpose of the sh and the heredoc is because by default, I am not dropped into the appropriate shell of this remote device. Issuing sh in the remote device gets me to the proper shell to be able to run my tcpdump, and this heredoc is the only method I've found to accomplish this task and still port the information back into my local file.
The issue that I'm running into is that once the script gets to the tcpdump section of this script, my terminal is given output like the below, and like I would expect to see when running a tcpdump into a file:
drew@drew-Ubuntu-18:~/Desktop$ ./Script.sh
tcpdump: listening on eth5.1, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 665
And of course that "Got" counter increases as more packets are captured and piped into my local file. Unfortunately, the only method I have found thus far to stop this and return my terminal is to initiate a CTRL+C.
The issue here is that this doesn't only stop the tcpdump on the remote machine, but it ends the script that is running on my local machine.
This of course means that nothing further in my script is run, and there are many tasks that I need to perform with this data past just the sed that I included here.
I've tried to instead set things up as follows:
tcpdump -i eth5.1 -s 0 -n -v -U -w - &
read -n 1 -s; kill $!
The thought process here is that my raw tcpdump information would still be posting to stdout, and therefore still be populating in my local capture file. However, it seems like when I tried to run a capture in this manner, with the &, it didn't actually let me post anything else into the terminal (not sure if just too much junk flying at all times or what). I even tried this locally and it seems like trying to run a raw tcpdump posting to stdout doesn't let anything else happen.
Based on this information, the only thing I can think of at this point is if there is some manner in which I can use the CTRL+C in order to close out of the tcpdump on the remote machine, but keep my script still running. Been searching for pretty much a whole day now without success. Any suggestions I can try? Or other methods of going about this that would be far more logical?
tcpdump here-document sshpass sigint
asked 4 mins ago
Drew
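An added example, not part of the original post: one way to let CTRL+C end the capture command while the local script carries on is to install a SIGINT handler in the script (a handler, not `trap '' INT`, so child processes keep the default disposition). The `sh -c ... sleep` child is a constructed stand-in for the `sshpass`/`ssh` command, the background sender simulates the terminal's CTRL+C, and all function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: constructed stand-in for the ssh/tcpdump pipeline in the question.
# A handler (not `trap '' INT`) keeps this script alive on SIGINT while children
# keep the default disposition, so the foreground "capture" still dies.

capture_then_continue() {
    save_file=$1                 # hypothetical local output path
    pid_file=$save_file.pid
    interrupted=0
    capture_status=0
    post_processed=0

    trap 'interrupted=1' INT

    # Simulated CTRL+C: the terminal delivers SIGINT to every process in the
    # foreground group, i.e. to this script and to the capture command.
    (
        while [ ! -s "$pid_file" ]; do sleep 1; done
        kill -INT "$$" "$(cat "$pid_file")"
    ) &
    sender=$!

    # Stand-in for: sshpass ... ssh -T ... <<- EOF > $save_file.pcap
    sh -c 'printf "constructed capture bytes\n"; echo "$$" > "$0"; exec sleep 30' \
        "$pid_file" > "$save_file" || capture_status=$?

    wait "$sender" || true
    trap - INT                   # restore normal CTRL+C behaviour
    rm -f "$pid_file"

    # Anything placed here (the question's sed, further analysis) now runs.
    if [ -s "$save_file" ]; then post_processed=1; fi
}

demo_file="${TMPDIR:-/tmp}/capture_demo.$$"
capture_then_continue "$demo_file"
echo "interrupted=$interrupted status=$capture_status post_processed=$post_processed"
rm -f "$demo_file"
```

Call the function directly rather than inside `$( ... )`: a command substitution runs in a subshell, and a real CTRL+C would then also reach the parent script, which has no handler installed.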