Stop CTRL+C Exiting Local Script Which is Running tcpdump in Remote Machine

I have set up a simple script like the below:

sshpass -p "$password" ssh -T "$username@$ip_address" -p 30007 <<- EOF > "$save_file.pcap"
sh
tcpdump -i eth5.1 -s 0 -n -v -U -w -
EOF

sed -i '1d' "$save_file.pcap"

The purpose of this script is so that I can run a tcpdump on a remote device, yet save the output into a file on my local machine (the remote device has very limited storage capacity, so this would allow me to obtain much larger captures, as well as, of course, allowing me to set up captures on demand much more quickly).

The purpose of the sh and the heredoc is because by default, I am not dropped into the appropriate shell of this remote device. Issuing sh in the remote device gets me to the proper shell to be able to run my tcpdump, and this heredoc is the only method I've found to accomplish this task and still port the information back into my local file.

The issue that I'm running into is that once the script gets to the tcpdump section of this script, my terminal is given output like the below, and like I would expect to see when running a tcpdump into a file:

drew@drew-Ubuntu-18:~/Desktop$ ./Script.sh 
tcpdump: listening on eth5.1, link-type EN10MB (Ethernet), capture size 65535 bytes
Got 665


And of course that "Got" counter increases as more packets are captured and piped into my local file. Unfortunately, the only method I have found thus far to stop this and return my terminal is to initiate a CTRL+C.

The issue here is that this doesn't only stop the tcpdump on the remote machine, but it ends the script that is running on my local machine.

This of course means that nothing further in my script is run, and there are many tasks that I need to perform with this data past just the sed that I included here.

I've instead tried to set things up as follows:

tcpdump -i eth5.1 -s 0 -n -v -U -w - &
read -n 1 -s; kill $!


The thought process here is that my raw tcpdump information would still be posting to stdout, and therefore still be populating in my local capture file. However, it seems like when I tried to run a capture in this manner, with the &, it didn't actually let me post anything else into the terminal (not sure if just too much junk flying at all times or what). I even tried this locally and it seems like trying to run a raw tcpdump posting to stdout doesn't let anything else happen.

Based on this information, the only thing I can think of at this point is if there is some manner in which I can use the CTRL+C in order to close out of the tcpdump on the remote machine, but keep my script still running. Been searching for pretty much a whole day now without success. Any suggestions I can try? Or other methods of going about this that would be far more logical?

Tags: tcpdump here-document sshpass sigint

asked 3 mins ago by Drew
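
An added example (not part of the original post): one way to let Ctrl+C stop the capture while the local script carries on is to run the capture as a background job, trap SIGINT in the script, and stop the job from the trap. The function name, the `cap_*` variables and the offline demo command are assumptions made for illustration; the commented call reuses the command from the question and assumes the remote tcpdump exits once the local ssh is gone and its output pipe is closed.

```shell
#!/bin/sh
# capture_until_sigint OUTFILE REMOTE_SCRIPT CMD [ARGS...]   (hypothetical helper)
# Feeds REMOTE_SCRIPT to CMD on stdin, as the here-document does, saves CMD's
# stdout in OUTFILE, and stops CMD when the script receives SIGINT (Ctrl+C).
capture_until_sigint() {
    cap_out=$1; cap_script=$2; shift 2
    cap_pid=''; cap_interrupted=0

    # With the trap in place the shell survives SIGINT instead of exiting.
    trap 'cap_interrupted=1; kill "$cap_pid" 2>/dev/null || :' INT

    # A background job of a non-interactive shell starts with SIGINT ignored,
    # so the trap above is what stops the capture (with SIGTERM).
    printf '%s\n' "$cap_script" | "$@" >"$cap_out" &
    cap_pid=$!

    # wait returns early (status > 128) when the trapped signal arrives, so
    # keep waiting until the job has really exited and been reaped.
    while kill -0 "$cap_pid" 2>/dev/null; do
        wait "$cap_pid" || :
    done
    trap - INT
}

# With the command from the question this would be called as:
#   capture_until_sigint "$save_file.pcap" 'sh
#   tcpdump -i eth5.1 -s 0 -n -v -U -w -' \
#       sshpass -p "$password" ssh -T "$username@$ip_address" -p 30007

# Constructed offline demo: CAPTURE_DEMO=1 sh this_file, then press Ctrl+C.
if [ "${CAPTURE_DEMO:-0}" = 1 ]; then
    demo_out=$(mktemp)
    capture_until_sigint "$demo_out" 'constructed header line' \
        sh -c 'cat; while :; do date; sleep 1; done'
    # Everything below still runs after Ctrl+C.
    echo "interrupted=$cap_interrupted, $(wc -l <"$demo_out") lines in $demo_out"
fi
```

After the function returns, `cap_interrupted` tells the rest of the script whether the capture was stopped by Ctrl+C or ended on its own.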