Re: How to get the process Id
by Corion (Patriarch) on Jul 29, 2015 at 07:38 UTC
This is more a shell question than a Perl question. The usual approach is to get a process which echoes its PID and then have that process replace itself with the target program, keeping the same PID.
Shell scripts can do this using the following idiom:
#!/usr/bin/ksh
echo $$
exec tcpdump -i any -w filename.pcap
This will print the PID to the console, but you could just as well output it to a file.
| [reply] [d/l] |
Re: How to get the process Id
by afoken (Chancellor) on Jul 29, 2015 at 16:32 UTC
All attempts to get the PID using ps, pidof, or similar tools may suffer from race conditions and false positives. (Imagine someone else starting tcpdump with the same arguments, perhaps even using the same account.) In short: they are unreliable.
Corion's way reliably writes the PID. But even that suffers from race conditions, because tcpdump may exit and its PID may be reused before the written PID is read by some other process.
This is a general problem of stored PIDs. They may be outdated before they are read. The only safe way to work with stored PIDs is to catch SIGCHLD in the parent process and delete the stored PID when the child process exits.
There are several tools working exactly this way; supervise from daemontools is one of them. supervise can reliably run a "background" process, and it can send signals to the "background" processes, all without having to write PID files. (The tool to send commands to supervise is svc.)
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
| [reply] [d/l] [select] |
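The stored-PID lifetime rule from the post above, combined with the fork-and-record wrapper suggested elsewhere in this thread, as an added example that is not code from any poster: a POSIX shell function that publishes the child's PID only while the child is alive, using `wait` where a C or Perl supervisor would catch SIGCHLD. The function name `run_with_pidfile`, the PID file path and the forwarded TERM signal are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: publish a child's PID only for as long as the child is alive.
# run_with_pidfile and the PID file path are illustrative names (assumptions).
#
# Usage: run_with_pidfile /tmp/capture.pid tcpdump -i any -w filename.pcap &
#        kill -TERM $!    # ask the wrapper to stop the capture

run_with_pidfile() {
    pidfile=$1; shift
    stopping=0
    "$@" &                      # start the target as our own child
    child=$!
    # Install the handler before the PID becomes visible, so anyone who can
    # read the file can already stop the child through this wrapper.
    trap 'stopping=1; kill -TERM "$child" 2>/dev/null || :' TERM
    # Write to a temp name and rename: readers see no file or a complete PID.
    printf '%s\n' "$child" > "$pidfile.tmp" && mv "$pidfile.tmp" "$pidfile"
    status=0
    wait "$child" || status=$?
    # A trapped TERM makes wait return early; wait again to reap the child.
    if [ "$stopping" -eq 1 ]; then
        rc=0
        wait "$child" 2>/dev/null || rc=$?
        # 127 means the first wait had already reaped it; keep that status.
        [ "$rc" -eq 127 ] || status=$rc
    fi
    # The child has been reaped, so its PID may be reused: retract it now.
    rm -f "$pidfile"
    trap - TERM
    return "$status"
}
```

A reader that finds no PID file knows the capture is not running; stopping it goes through the wrapper's own PID, which the starting shell holds in `$!`.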
Re: How to get the process Id
by vinoth.ree (Monsignor) on Jul 29, 2015 at 08:28 UTC
After you have started the command in the background, you can use ps aux | grep tcpdumpcommand to get the process ID of the process; the first field is the name of the owner who started the process, the second field is the process ID (PID).
All is well. I learn by answering your questions...
| [reply] [d/l] [select] |
If yours is not the only running tcpdump, 'ps aux | grep tcpdump' returns more than one line. Luckily the shell has the $! variable that holds the last child PID. See bash for the details.
| [reply] |
Re: How to get the process Id
by Myrddin Wyllt (Hermit) on Jul 29, 2015 at 13:11 UTC
Instead of ps, you could use pgrep -n -u vasuperl tcpdump
You need to do less munging of the return value as it just gives you the process id of the last command (-n) containing the string 'tcpdump' executed by the user (-u) 'vasuperl'.
| [reply] [d/l] [select] |
Re: How to get the process Id
by i5513 (Pilgrim) on Jul 29, 2015 at 20:21 UTC
Off-topic reply (no Perl is mentioned)
I'm not sure if this is an XY Problem, but if you want to capture the traffic on a remote host from Windows, I would install plink + pageant from the PuTTY page and tshark from the Wireshark home page.
I would set up my environment so plink can ssh to the host without a password, with PKI infrastructure (see the pageant doc) (but you can use the insecure -pw plink option) (though I would try to use sudo and not direct root access).
Then add the paths to tshark.exe and to plink.exe to the %PATH% env var, and you could execute the following to save 3 seconds of remote network traffic:
plink root@host tcpdump -i any -s0 -w - not port 22 | tshark -i - -w remote-traffic-captured.dump -a duration:3
Regards,
| [reply] [d/l] |
Re: How to get the process Id
by M4 (Novice) on Jul 29, 2015 at 15:10 UTC
You may be helped by a simple killall tcpdump, if yours is the only tcpdump running on the machine.
Otherwise, you may need to write a little wrapper program around the tcpdump command to fork and
1) In the parent get the pid (it's the return value from fork) and store it somewhere;
2) In the child exec() the tcpdump.
HTH,
M4
| [reply] [d/l] |