Add diagnostics for pcap file capture issues

- Check if pcap file exists and show its size
- Count raw packets in pcap file using capinfos or tshark
- Add sync after capture to ensure file is written
- This will help diagnose why main capture shows few/no packets

Co-authored-by: Cursor <cursoragent@cursor.com>
Robert McMahon 2026-02-13 14:13:19 -08:00
parent 73358f9223
commit ba4fb72a40
1 changed files with 27 additions and 0 deletions


@ -138,15 +138,42 @@ echo "Capturing to temporary file: $TEMP_PCAP"
set +e # Temporarily disable exit on error set +e # Temporarily disable exit on error
# Capture to pcap file - this won't error on missing fields # Capture to pcap file - this won't error on missing fields
# Use -b filesize:100000 to rotate files if needed, but we'll only use the first
timeout "$DURATION" tshark -q -i "$INTERFACE" -n -w "$TEMP_PCAP" 2>/dev/null timeout "$DURATION" tshark -q -i "$INTERFACE" -n -w "$TEMP_PCAP" 2>/dev/null
CAPTURE_EXIT_CODE=$? CAPTURE_EXIT_CODE=$?
set -e # Re-enable exit on error set -e # Re-enable exit on error
# Force sync to ensure file is written
sync
# Exit code 124 means timeout occurred (expected), 0 means command completed normally # Exit code 124 means timeout occurred (expected), 0 means command completed normally
if [ "$CAPTURE_EXIT_CODE" -ne 0 ] && [ "$CAPTURE_EXIT_CODE" -ne 124 ]; then if [ "$CAPTURE_EXIT_CODE" -ne 0 ] && [ "$CAPTURE_EXIT_CODE" -ne 124 ]; then
echo "Warning: tshark capture exited with code $CAPTURE_EXIT_CODE" echo "Warning: tshark capture exited with code $CAPTURE_EXIT_CODE"
fi fi
# Check if pcap file exists and get its size
if [ -f "$TEMP_PCAP" ]; then
PCAP_SIZE=$(stat -c%s "$TEMP_PCAP" 2>/dev/null || stat -f%z "$TEMP_PCAP" 2>/dev/null || echo "0")
echo "Pcap file size: $PCAP_SIZE bytes"
# Count packets in raw pcap file using capinfos or tshark
if command -v capinfos &> /dev/null; then
RAW_PACKET_COUNT=$(capinfos -c "$TEMP_PCAP" 2>/dev/null | grep "^Number of packets:" | awk '{print $4}' || echo "0")
echo "Raw packets in pcap file: $RAW_PACKET_COUNT"
else
# Fallback: use tshark to count packets
RAW_PACKET_COUNT=$(tshark -q -r "$TEMP_PCAP" -n -T fields -e frame.number 2>/dev/null | tail -1 || echo "0")
if [ "$RAW_PACKET_COUNT" != "0" ] && [ -n "$RAW_PACKET_COUNT" ]; then
echo "Raw packets in pcap file: $RAW_PACKET_COUNT"
else
echo "Raw packets in pcap file: (could not determine)"
fi
fi
else
echo "ERROR: Pcap file was not created: $TEMP_PCAP"
exit 1
fi
# Now parse the pcap file to extract fields # Now parse the pcap file to extract fields
# Use -Y filter to only process frames that have RA/TA to avoid field errors # Use -Y filter to only process frames that have RA/TA to avoid field errors
CAPTURE_OUTPUT=$(tshark -q -r "$TEMP_PCAP" -n -T fields \ CAPTURE_OUTPUT=$(tshark -q -r "$TEMP_PCAP" -n -T fields \
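Review bot: The capinfos branch (`RAW_PACKET_COUNT=$(capinfos -c "$TEMP_PCAP" ... | awk '{print $4}' || echo "0")`) can report an empty or truncated count, which defeats the purpose of the diagnostic. The `|| echo "0"` only sees the exit status of `awk`, which succeeds even when capinfos fails or grep matches nothing (unless `pipefail` is set in a part of the script not visible here), and unlike the tshark fallback this branch has no empty-value check. Newer capinfos versions also abbreviate large values with SI suffixes unless `-M` is given, so `$4` may be `12` for `12 k`. I would use `RAW_PACKET_COUNT=$(capinfos -M -c "$TEMP_PCAP" 2>/dev/null | awk '/^Number of packets:/ {print $NF}')` followed by `echo "Raw packets in pcap file: ${RAW_PACKET_COUNT:-(could not determine)}"`. Separately, the added comment about `-b filesize:100000` describes an option the tshark capture command does not pass, so it should be dropped or the option actually added.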