0

When I run the Bash shell script below, the last line reports anywhere from 4 - 9 packets captured when it should report 29 - 34 packets captured, and it says "tshark: "RESULTS/C6-1/C6-1n10.pcap" appears to have been cut short in the middle of a packet."

If I run the tshark command embedded in the last line of this script from the command line after the scripts exits, the count is correct.

What am I doing wrong?

#!/bin/bash

tshark -i eth1 -a duration:245 -w RESULTS/C6-1/C6-1n10.pcap &> /dev/null &

# tshark seems to take some time to start. Allow for this.
sleep 10

# This takes 225 seconds to run.
mgen flush input C6-1/C6-1n10.mgn 2>&1 | tee RESULTS/C6-1/C6-1n10_mgen_log.txt

mgen_stats RESULTS/C6-1/C6-1n10_mgen_log.txt 20 20 224 20 239 60 2>&1 | tee RESULTS/C6-1/C6-1n10_mgen_analysis.txt

echo 2>&1 | tee -a RESULTS/C6-1/C6-1n10_mgen_analysis.txt
echo 2>&1 | tee -a RESULTS/C6-1/C6-1n10_mgen_analysis.txt
echo 2>&1 | tee -a RESULTS/C6-1/C6-1n10_mgen_analysis.txt

echo "There should be 29 - 34 messages from group 239.0.20.20. The actual count is:" 2>&1 | tee -a RESULTS/C6-1/C6-1n10_mgen_analysis.txt

# Ensure that the tshark instance we started above has time to exit before we start another instance.
sleep 20

echo `tshark -r RESULTS/C6-1/C6-1n10.pcap -R "ip.src == 104.4.20.2 && ip.dst == 239.0.20.20" | wc -l` 2>&1 | tee -a RESULTS/C6-1/C6-1n10_mgen_analysis.txt
4

2 回答 2

1

您无法保证初始 tshark 实例到那时实际上已经完成。与其偶尔猜测并使用睡眠,不如使用wait强制脚本等待 tshark 完成。

在退出脚本之前等待后台进程完成

于 2014-04-20T20:10:13.647 回答
0

  1. 当我们在 TShark 1.12.1 版本的 tshark 过滤器中使用“wc -l”时返回不适当的数据包计数(在 TShark 1.10.1 中工作正常)

  2. 当我们在 TShark 1.12.1 版本中使用“(ipv6.nxt ==17)”字段过滤 pcap 文件时看到的问题(在 TShark 1.10.1 中工作正常)

于 2018-10-24T13:19:57.987 回答