Wednesday, 28 March 2007

Init script for tshark

I need to capture packets in a network for post-mortem analysis. I wanted tshark to start upon boot on a Debian etch-testing but couldn't find a start script for it. I used snort's as a basis to write my own. Just make sure you change the DAEMON_OPTIONS to suit your own needs.




#!/bin/sh -e

test $DEBIAN_SCRIPT_DEBUG && set -v -x

DAEMON=/usr/bin/tshark
DAEMON_OPTIONS="-q -i eth0 -b files:80 -b filesize:512000 -w rawcapture"
DAEMON_PATH="/root/capture/"
# tshark does not create pid file
#PIDFILE=/var/run/tshark.pid
NAME=tshark

DESC="WireShark packet capture program"

test -x $DAEMON || exit 0

check_log_dir() {
# TODO: get fussy with existing log files
return 0
}

case "$1" in
start)
echo -n "Starting $DESC: "

if ! check_log_dir; then
echo " will not start $DESC!"

exit 1
fi

fail="failed (check /var/log/daemon.log)"
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null &&

fail="already running"

set +e
/sbin/start-stop-daemon --start --background --quiet --chdir $DAEMON_PATH \
--exec $DAEMON -- $DAEMON_OPTIONS >/dev/null
ret=$?

set -e
case "$ret" in
0)
echo "done."

;;
*)
echo "...$fail."
myret=$(expr "$myret" + 1)

;;
esac

exit $myret
;;
stop)

echo -n "Stopping $DESC: $NAME"

/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--user root --group root --exec $DAEMON >/dev/null

echo "."

;;
restart)

$0 stop $interface || true
$0 start $interface || true

;;

status)
result="NOT running!"
exitval=1
/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null && result="running." && exitval=0

echo $DESC $result
exit $exitval
;;
*)

echo "Usage: $0 {start|stop|restart|status}"
exit 1
;;
esac

exit 0

4 comments:

Unknown said...

nice script, but I got a syntax error here:

/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null && result="running." && exitval=0

You probably meant:

/sbin/start-stop-daemon --stop --signal 18 --quiet --user root --group root \
--exec $DAEMON >/dev/null && result="running." & exitval=0

Anonymous said...

When i run this nothing happens? I put in all the info and changed what the user posted. and run it with start and nothing happens i then run status and says not running????

Anonymous said...

Thank you for sharing this script.

I added a few lines which my Debian is asking for (plus some free extra), added after line 1 of your script:

### BEGIN INIT INFO
# Provides: wireshark
# Required-Start: $local_fs $network $time
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: ethernet capture service on br0 interface
### END INIT INFO

Best regards,

Listad79ATjahoo.de

Lucas M said...

Hi thanks for postinng this