Rotating per packet received by tcpdump - command line

How can I use the 'tcpdump' command to capture and save each received packet to a separate file (rotating per packet without losing any packets)?

How about saving the dump to a file and then splitting it into separate files?
$ sudo tcpdump -c 10 -w mycap.pcap
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Packet Tap), capture size 65535 bytes
10 packets captured
You'll need to have Wireshark installed for this to work (e.g. with brew install wireshark on Mac or apt-get on Ubuntu).
$ editcap -c 1 mycap.pcap output.pcap
10 packets captured -> 10 files created
$ ls -la output* | wc -l
10
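The editcap step above depends on Wireshark being installed. The following is an added example, not part of the answer: it does the same one-packet-per-file split in pure Python by walking the classic pcap record headers, copying the 24-byte global header into every output so tcpdump or Wireshark can read each file unchanged, and refusing pcapng or truncated input instead of silently dropping a packet. The function names and the constructed sample capture are this example's own.

```python
import struct

GLOBAL_HDR_LEN = 24   # magic(4) vmaj(2) vmin(2) thiszone(4) sigfigs(4) snaplen(4) linktype(4)
RECORD_HDR_LEN = 16   # ts_sec(4) ts_frac(4) incl_len(4) orig_len(4)
# Classic pcap magics and the byte order they imply; usec and nsec variants share
# one layout so both are accepted.  pcapng (0x0a0d0d0a) is a different format.
_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
           b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def split_pcap_records(src: bytes) -> list:
    """Return one self-contained pcap (global header + one record) per packet,
    in capture order.  Raises ValueError on pcapng input or a truncated tail,
    so nothing is silently dropped or half-written."""
    endian = _MAGICS.get(src[:4])
    if endian is None or len(src) < GLOBAL_HDR_LEN:
        raise ValueError("not a classic pcap file (pcapng is not supported)")
    ghdr, rec = src[:GLOBAL_HDR_LEN], struct.Struct(endian + "IIII")
    out, off = [], GLOBAL_HDR_LEN
    while off < len(src):
        if off + RECORD_HDR_LEN > len(src):
            raise ValueError(f"truncated record header at offset {off}")
        _ts_sec, _ts_frac, incl_len, _orig_len = rec.unpack_from(src, off)
        end = off + RECORD_HDR_LEN + incl_len
        if end > len(src):
            raise ValueError(f"truncated packet data at offset {off}")
        out.append(ghdr + src[off:end])   # copy header so any tool reads the file
        off = end
    return out

def write_split(src_path: str, prefix: str = "output") -> list:
    """Disk wrapper, mirroring editcap -c 1: writes prefix_00000.pcap, ..."""
    with open(src_path, "rb") as f:
        records = split_pcap_records(f.read())
    names = [f"{prefix}_{i:05d}.pcap" for i in range(len(records))]
    for name, blob in zip(names, records):
        with open(name, "wb") as f:
            f.write(blob)
    return names

def build_sample_pcap(payloads, linktype: int = 1) -> bytes:
    """Constructed test input (not a real capture): little-endian pcap,
    LINKTYPE_ETHERNET=1, wrapping raw frames with synthetic timestamps."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    body = b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p
                    for i, p in enumerate(payloads))
    return hdr + body
```

Run write_split("mycap.pcap") on the capture from the answer to get output_00000.pcap and so on; a capture written by tcpdump with pcapng output must be converted first, since this parser only handles the classic format.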

How does OpenCV handle TCP Connections?

I set up a NetCat video stream from my RPi and I am accessing it with OpenCV in the following way:
videoStream = cv2.VideoCapture("tcp://#<my_ip>:<my_port>/")
...
videoStream.release()
Unfortunately I cannot connect to the stream multiple times without reinitializing it. How does OpenCV treat my TCP connection? Does .release() properly close the socket, or what is the right way to close it?
I would comment but I do not have enough points. I had a similar issue. Ultimately, what worked for me is to run netcat with the -k option, which does allow reconnecting:
on RPI:
/opt/vc/bin/raspivid -n -t 0 -w 640 -h 360 -fps 30 -ih -fl -l -o - | /bin/nc -klvp 5000
For nc, the -k option keeps the port listening after the first client disconnects, thereby allowing you to reconnect. You won't need the -v option; it just adds some verbosity.
Another alternative, on the receiver (Ubuntu, Win10):
nc x.x.x.x 5000 | mplayer -fps 200 -demuxer h264es -
or
gst-launch-1.0 -v tcpclientsrc host=10.60.66.237 port=5000 ! decodebin ! autovideosink
Python code with OpenCV:
import cv2

cap = cv2.VideoCapture("tcp://10.60.66.237:5000")
while True:
    ret, frame = cap.read()
    if not ret:
        # stream ended or connection dropped; frame is None here,
        # so stop instead of handing it to imshow
        break
    cv2.imshow('frame', frame)
    # the 'q' button is set as the
    # quitting button you may use any
    # desired button of your choice
    if cv2.waitKey(1) & 0xFF == ord('q'):
        break
cap.release()
cv2.destroyAllWindows()
Disconnect and reconnect all you want :)

Raspivid save to disk and stream concurrently

I am trying to run a home security camera using a Raspberry Pi Model B.
I want to save the stream to a file locally (USB if possible) and also stream it so I can pick it up on my network.
The command I have is not working for both; any suggestions?
raspivid -o security.h264 -t 0 -n -w 600 -h 400 -fps 12 | cvlc -vvv stream:///dev/stdin --sout '#rtp{sdp=rtsp://:8554/}' :demux=h264
Try this command:
raspivid -o - -t 0 -n -w 600 -h 400 -fps 12 | tee security.h264 | cvlc -vvv stream:///dev/stdin --sout '#rtp{sdp=rtsp://:8554/}' :demux=h264
The tee command writes the output to the standard output and to the specified files.

tshark packet capture filter by request url

I am trying to capture only packets that contain requests to a certain API endpoint, so I tried to filter using the following:
tshark -i 2 -f 'port 80' -T pdml http.request.uri contains "/google/"
However I keep getting the following error:
tshark: A capture filter was specified both with "-f" and with additional
command-line arguments.
I tried removing the -f, but that did not help either. Any suggestions?
e.g. URL: https://testAPI.com/termsearch/google/application
Your tshark command is incorrect. To specify a Wireshark display filter, you need to use the -Y option.
Windows:
tshark -i 2 -T pdml -Y "http.request.uri contains \"/google/\""
*nix:
tshark -i 2 -T pdml -Y 'http.request.uri contains "/google/"'

tshark doesn't always print source ip

How can I get the TCP payload of packets with tshark, and also get the source IP that sent these packets?
This command works for most packets, but some packets are still printed WITHOUT a source IP (why?):
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src
To test my command, run it and then browse to http://stackoverflow.com. Notice that usually the data chunks ("47:45:54:20:2f:61:64:73:...") have an IP after them, but not always.
I found the problem:
The packets with a missing source IP were IPv6, but my original command only prints IPv4.
This works:
tshark -Y "tcp.dstport == 80" -T fields -d tcp.port==80,echo -e echo.data -e ip.src -e ipv6.src

vnstat not updating on certain interfaces

vnstat is updating only one interface every five minutes. I have to use
vnstat -u
to manually update the rest of the interfaces. All interfaces are already enabled, but only one interface is updating every 5 minutes.
Check which user the vnstat daemon is running as using ps aux | grep [v]nstat.
I recently had the same problem, and after priming the database with vnstat -u -i eth0 as root, the vnstat process couldn't write to the /var/lib/vnstat/eth0 file as it was running as user "vnstat".
If vnstat is running as user "vnstat" ensure that it has permission to write to /var/lib/vnstat/eth0.
When you add the interface for eth0 or ppp0 or whatever, make sure you do it as the vnstat user, i.e.
sudo -u vnstat vnstat -i ppp0 -u
If you run this as root first you will have problems even if you chmod the file in /var/lib/vnstat. This is due to the creation of a backup file called .ppp0 which you might miss if you are not looking for it. There will be an error in syslog saying that the backup file cannot be written.
So I was having a similar problem where I was getting the following:
$ vnstat -i eno1
eno1: not enough data available yet
I also tried every other command while pointing to eno1. I would sometimes even get:
Error: Unable to create database backup "/var/lib/vnstat/.eno1"
OR
Segmentation fault (core dumped)
I tried reinstalling, and everything else under the sun.
Following Andrew's answer to the 't' returned:
Error: Unable to open database "/var/lib/vnstat/eno1" for writing: Permission denied
so instead I did the following, but I'm not sure which one of these commands did the trick.
$ sudo vnstat -i eno1 -u
$ sudo vnstat -u -i eno1
Then I checked to see if the interface was working again:
$ sudo vnstat -i eno1
which returned:
Database updated: Wed Dec 5 10:17:37 2018

   (eno1) since 1969-12-31

          rx:  2 KiB      tx:  1 KiB      total:  3 KiB

   monthly
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
       Dec '69      2 KiB |       1 KiB |       3 KiB |    0.00 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated        --     |      --     |      --     |

   daily
                     rx      |     tx      |    total    |   avg. rate
     ------------------------+-------------+-------------+---------------
         today      2 KiB |       1 KiB |       3 KiB |    0.00 kbit/s
     ------------------------+-------------+-------------+---------------
     estimated        --     |      --     |      --     |
Now it's finally able to read and write to the eno1 log. I noticed this problem since conky was not showing any stats reports for today && month && total. I wasn't expecting anything under month, but after a couple of days I was expecting something under hours.
I realise the rest will take a while to populate with data. But now I know for sure it is working. Also, my conky app is finally displaying the information.
However, prior to this solution, I had already chmodded the file.
Additional info for newbies such as myself:
- make sure to check which interface you are using; I often see solutions for eth0 and others that do not appear when using "$ ifconfig". Enter:
$ ifconfig
and you should see on the left hand side of the results the interface name. Mine are eno1, lo, and wlo1.
Next to the label "Link encap:" it should say whether it is wireless, Ethernet, or local loopback.
lo is the local loopback, a.k.a. localhost/127.0.0.1.
What I am not sure of, in my case, is the difference between eno1 and wlo1. They both say "Ethernet". I wonder if it doesn't have something to do with my direct wifi printer.