sshd,30982
  --bash,30983
      --su,31002
          --bash,31003
              --my.pl,6893 ./my.pl debug
                  --sh,6934 -c ...
                       --tcpdump,6935
                  --my.pl,6933 ./my.pl debug

##</code><code>##

while ( $counter < 31 ) {
        my $snoop_running = 1;
        for my $p ( @{ $ps->table } ) {
            if (   ( $p->pid == $snoop_pid )
                && ( $p->ppid == getpgrp($fork_pid) )
                && ( ( $p->cmndline ) =~ '$snoop_cmd' ) )
            {
                $snoop_running = 0;
                print "packet capture still running (", $p->pid, ") ",
                  $p->cmndline, "\n"
                  if (( $debug eq 0 ) && (( $p->cmndline ) =~ '$snoop_cmd' ));
            }
        }
        if ( $snoop_running == 1 ) {

            #snoop must have finished already
            for my $p ( @{ $ps->table } ) {
                kill 9, ( $p->pid ) if ( $p->ppid == getpgrp($fork_pid) );
            }
            last;
        }
$counter++;
sleep 1;