Fix capture by using pcap file intermediate step
Capture to a temporary pcap file first, then parse it. This prevents tshark from exiting early when encountering frames without RA/TA fields during live capture. The capture phase won't error on missing fields, and the parsing phase uses a display filter to only extract RA/TA from frames that have them. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Robert McMahon
parent
aed791efae
commit
5ee50bc184
|
|
@ -131,15 +131,25 @@ echo ""
|
|||
# Capture for specified duration and count packets
|
||||
echo "Capturing packets for $DURATION seconds..."
|
||||
|
||||
# Run capture with timeout
|
||||
# Note: timeout returns 124 when it times out (expected), so we need to handle that
|
||||
# Also, wlan.ra/wlan.ta may not be available for all frame types, which can cause tshark to exit with code 1
|
||||
# We'll capture both stdout and stderr, but continue even if tshark exits with an error
|
||||
# Use a temporary pcap file to avoid field extraction errors during capture
|
||||
# Capture to file first, then parse it - this prevents tshark from exiting early
|
||||
TEMP_PCAP=$(mktemp /tmp/tshark_capture_XXXXXX.pcap)
|
||||
|
||||
set +e # Temporarily disable exit on error
|
||||
# Use -q to suppress packet count output
|
||||
# Redirect stderr to /dev/null to suppress "Some fields aren't valid" errors
|
||||
# This allows tshark to continue even when encountering frames without RA/TA
|
||||
CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -q -i "$INTERFACE" -n -T fields \
|
||||
# Capture to pcap file - this won't error on missing fields
|
||||
timeout "$DURATION" tshark -q -i "$INTERFACE" -n -w "$TEMP_PCAP" 2>/dev/null
|
||||
CAPTURE_EXIT_CODE=$?
|
||||
set -e # Re-enable exit on error
|
||||
|
||||
# Exit code 124 means timeout occurred (expected), 0 means command completed normally
|
||||
if [ "$CAPTURE_EXIT_CODE" -ne 0 ] && [ "$CAPTURE_EXIT_CODE" -ne 124 ]; then
|
||||
echo "Warning: tshark capture exited with code $CAPTURE_EXIT_CODE"
|
||||
fi
|
||||
|
||||
# Now parse the pcap file to extract fields
|
||||
# Use -Y filter to only process frames that have RA/TA to avoid field errors
|
||||
CAPTURE_OUTPUT=$(tshark -q -r "$TEMP_PCAP" -n -T fields \
|
||||
-Y "(wlan.ra) || (wlan.ta)" \
|
||||
-e frame.number \
|
||||
-e frame.time \
|
||||
-e wlan.ra \
|
||||
|
|
@ -148,16 +158,10 @@ CAPTURE_OUTPUT=$(timeout "$DURATION" tshark -q -i "$INTERFACE" -n -T fields \
|
|||
-e wlan.fc.subtype \
|
||||
-e wlan.fc.type_subtype \
|
||||
-e radiotap.present \
|
||||
2>/dev/null)
|
||||
CAPTURE_EXIT_CODE=$?
|
||||
set -e # Re-enable exit on error
|
||||
2>/dev/null || true)
|
||||
|
||||
# Exit code 124 means timeout occurred (expected), 0 means command completed normally
|
||||
# Exit code 1 might mean some fields weren't available for some frames, but we still got data
|
||||
# Other exit codes indicate actual errors
|
||||
if [ "$CAPTURE_EXIT_CODE" -ne 0 ] && [ "$CAPTURE_EXIT_CODE" -ne 124 ] && [ "$CAPTURE_EXIT_CODE" -ne 1 ]; then
|
||||
echo "Warning: tshark exited with code $CAPTURE_EXIT_CODE"
|
||||
fi
|
||||
# Clean up temp file
|
||||
rm -f "$TEMP_PCAP"
|
||||
|
||||
# Force output flush
|
||||
sync
|
||||
|
|
|
|||
Loading…
Reference in New Issue