Each time I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with a cron job, and I only need it to run for 1 and a half hours. Without manually pressing Ctrl+C or running a kill command, how can it be stopped automatically? Here is the command I am testing:
tcpdump -i eth0 'port 8080' -w myfile
I can schedule another cronjob to kill the tcpdump process, but it seems not a good idea.
tcpdump lets you select packets that use some port X as either source or destination. For example, to capture DNS traffic, you can use port 53. You can prefix the port keyword with src or dst, as in src port 53 or dst port 53, to narrow the filter further.
Normally, tcpdump puts the network interface into promiscuous mode while capturing traffic. When not running in promiscuous mode, the interface only receives frames destined for its own MAC address as well as broadcast and multicast addresses.
Use the Ctrl+C key combination to send an interrupt signal and stop the command. After capturing the packets, tcpdump will stop.
You can combine -G {sec} (rotate dump files every x seconds) and -W {count} (limit # of dump files) to get what you want:
tcpdump -G 15 -W 1 -w myfile -i eth0 'port 8080'
would run for 15 seconds and then stop. Turn 1.5 hours into seconds and it should work.
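A cron-ready wrapper for the -G/-W approach in the answer above, added here as an example and not part of the original answer. tcpdump checks the -G rotation when a packet is written, so a quiet port can delay the exit; the script therefore adds coreutils timeout as a backstop. The function names, the 1h30m duration syntax, the DRYRUN variable and the 30-second grace period are assumptions of this example.

```shell
#!/bin/sh
# Added example: time-boxed tcpdump for cron. Interface, filter and output
# file are the ones from the question; everything else is illustrative.

# Convert a duration such as 5400, 90m or 1h30m to seconds.
to_seconds() {
    rest=$1 total=0
    [ -n "$rest" ] || return 1
    while [ -n "$rest" ]; do
        num=${rest%%[!0-9]*}              # leading digits
        [ -n "$num" ] || return 1         # a unit with no number is invalid
        rest=${rest#"$num"}
        num=${num#"${num%%[!0]*}"}        # drop leading zeros (avoid octal)
        num=${num:-0}
        unit=${rest%"${rest#?}"}          # first character after the digits
        rest=${rest#?}
        case $unit in
            h) total=$((total + num * 3600)) ;;
            m) total=$((total + num * 60)) ;;
            s|'') total=$((total + num)) ;;
            *) return 1 ;;
        esac
    done
    echo "$total"
}

# Run the capture for the given duration. -G rotates after N seconds and
# -W 1 makes tcpdump exit after the first file. timeout sends SIGTERM 30 s
# later in case no packet arrived to trigger the rotation.
# Set DRYRUN=1 to print the command instead of running it.
run_capture() {
    secs=$(to_seconds "$1") || return 1
    [ "$secs" -gt 0 ] || return 1
    ${DRYRUN:+echo} timeout "$((secs + 30))" \
        tcpdump -G "$secs" -W 1 -w myfile -i eth0 'port 8080'
}

# Only capture when asked, e.g. from a crontab entry (path is a placeholder):
#   30 1 * * * /path/to/this-script run 1h30m
if [ "${1:-}" = "run" ]; then
    run_capture "${2:-1h30m}" || { echo "capture failed or bad duration" >&2; exit 2; }
fi
```

cron runs jobs with a different working directory and a minimal PATH, so in a real crontab give -w an absolute path and make sure tcpdump and timeout can be found.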