
The script is as follows; When I run it manually, there is no problem but

    #!/bin/bash

    /usr/bin/sudo /usr/sbin/tcpdump -i any -Z user -s 0 -v port xxx or xxx -w - | ssh root@xx.xx.xx.xx -C 'cat - > /opt/pcap/trace.`date +\%s`' .&

    sleep 10
    pkill tcpdump
    exit

The sh -x output is as follows. What could be the problem?

    cat .: Is a directory

CoskunM
  • Why is there a dot before `&`? – Cyrus Mar 22 '21 at 20:29
  • to work in the background – CoskunM Mar 22 '21 at 20:47
  • I did not expect this answer. Simply remove the dot. – Cyrus Mar 22 '21 at 20:58
  • the problem is cat: .: Is a directory, – CoskunM Mar 22 '21 at 21:01
  • Try this: `cat .` – Cyrus Mar 22 '21 at 21:02
  • bash: cat.: command not found – CoskunM Mar 22 '21 at 21:05
  • The original problem is that you used `.&` at the end of the command instead of just `&` -- the `.` is treated as an argument to `ssh`, which treats it as part of the remote command to execute, where it gets treated as an argument to `cat`, which treats it as a filename to read from... and gets an error because it's a directory. Just remove the `.` (and in the `cat .` command, the space between `cat` and `.` is important). – Gordon Davisson Mar 22 '21 at 21:17
  • still getting error with date=`date +\%s` /usr/sbin/tcpdump -i any -Z username-s 0 -v port 123 or 321 or 16000 -w - | ssh root@10.94.xx.xx -C cat - > "/opt/pcap/deneme/deneme_$date.pcap" – CoskunM Mar 22 '21 at 21:22
  • /opt/pcap/deneme/deneme_1616448090.pcap: No such file or directory – CoskunM Mar 22 '21 at 21:23
  • You removed the quotes around the remote command (specifically the `>`), so the local shell is trying to do the `> "/opt/pcap/deneme/deneme_$date.pcap"` part on the local computer... and that directory doesn't exist there. – Gordon Davisson Mar 22 '21 at 23:07
  • I have tried the command below, but still cannot resolve my problem. Your point is right: the directory is on the remote server, but the command is trying to find that directory locally. How can I solve this problem? Can you please write me the fixed command? /usr/sbin/tcpdump -i any -Z username-s 0 -v port 123 or 321 or 12345-w - | ssh root@10.94.xx.xx -C "cat - > /opt/pcap/deneme/deneme_$date.pcap" – CoskunM Mar 22 '21 at 23:37

1 Answer

Here's the corrected version:

    /usr/bin/sudo /usr/sbin/tcpdump -i any -Z user -s 0 -w - -v port xxx or xxx | ssh root@xx.xx.xx.xx -C 'cat - > "/opt/pcap/trace.$(date +\%s)"' &

The original version had two problems: the stray `.` character before `&` at the end, and the `-w -` option to `tcpdump` being after the filter expression (options must come before the expression):

    /usr/bin/sudo /usr/sbin/tcpdump -i any -Z user -s 0 -v port xxx or xxx -w - | ssh root@xx.xx.xx.xx -C 'cat - > /opt/pcap/trace.`date +\%s`' .&
                                                            problems here: ^^^^                                                       and here: ^

I also replaced the backticks with `$( )`, which is cleaner in a couple of ways, and put double-quotes around the resulting filename (not strictly necessary, but good general practice for something that contains a command or variable substitution).

The versions you tried in the comments had a couple of additional problems due to missing spaces: `-Z username-s 0` instead of `-Z username -s 0` and `12345-w -` instead of `12345 -w -`. Spaces are important delimiters in shell syntax, so be careful not to add or remove them unless you know it's safe in that specific place. Here, it would've been ok to remove the spaces between an option and its argument (e.g. `-Zusername -s0` instead of `-Z username -s 0`), but removing a space between an argument and the next option causes chaos.

Gordon Davisson
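The three forms discussed in the question, the comments and the answer can be compared offline with the sketch below, which is an added example and not part of the original posts. `fake_ssh` is a hypothetical stand-in for `ssh` (it joins its arguments with spaces and lets a second shell parse the result, as `ssh` does with a remote command), and the directory and file names are constructed.

```shell
#!/bin/bash
# Constructed demo, runs offline. fake_ssh is a hypothetical stand-in for ssh:
# like ssh, it joins all arguments after the host with spaces and lets a shell
# on the "remote" side (sh -c inside REMOTE_DIR) parse that one string again.
export LC_ALL=C
REMOTE_DIR=$(mktemp -d); mkdir "$REMOTE_DIR/pcap"   # pcap/ exists remotely only
LOCAL_DIR=$(mktemp -d)                              # plays the local cwd

fake_ssh() {
    shift                                  # drop the host argument
    ( cd "$REMOTE_DIR" && sh -c "$*" )
}

# 1. Question's form: the stray . after the closing quote is one more argument,
#    so the remote shell runs "cat - > pcap/trace.dot ." and cat opens a directory.
stray_dot() {
    ( cd "$LOCAL_DIR" && printf 'DATA' |
        fake_ssh host 'cat - > pcap/trace.dot' . ) 2>/dev/null
}

# 2. Comment's form: quotes dropped, so the LOCAL shell performs the redirection
#    before fake_ssh even starts, and pcap/ does not exist locally.
unquoted_redirect() {
    ( cd "$LOCAL_DIR" && printf 'DATA' |
        fake_ssh host cat - > pcap/trace.unq ) 2>/dev/null
}

# 3. Answer's form: the whole command, including > and $(date), is one quoted
#    string, so both are evaluated by the remote shell.
quoted_remote() {
    ( cd "$LOCAL_DIR" && printf 'DATA' |
        fake_ssh host 'cat - > "pcap/trace.$(date +%s)"' )
}

for c in stray_dot unquoted_redirect quoted_remote; do
    if "$c"; then echo "$c: ok"; else echo "$c: failed"; fi
done
ls "$REMOTE_DIR/pcap"   # files created on the "remote" side only
```

In the first case the data is still written before `cat` fails on `.`, which is why the error only shows up once the input stream ends.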