Wireshark · Ethereal-users: RE: [Ethereal-users] Capturing by time

["McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>]

Actually, if you send tethereal a HUP signal, it will write out whatever it has captured and then exit.  You could set up a cron or at job to stop tethereal at a particular time.

 

If you're real perl savvy, you could even set up something that would fork a child, start tethereal, report the PID of the tethereal process back to the parent, make the parent sleep for XXX seconds, then have the parent 'kill -HUP' on tethereal.  The child would then terminate on its own, and the parent could do whatever and/or terminate.

 

You'd want to see 'man perlipc' and look for the section with this in it:

 

 $pid = open(KID_TO_READ, "-|");

 

Anything the child prints to STDOUT can be read by the parent using the KID_TO_READ filehandle.  You don't really need to communicate the other way except to send the HUP to the tethereal process.

 

--J

-----Original Message-----
From: Tinga Shilo [mailto:tingashilo@xxxxxxxxx]
Sent: Thursday, October 18, 2001 8:25 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Capturing by time

The "-c" option for tethereal is very useful for me.

Is there a way to tell tethereal to stop, based on time rather

than packet count ?