Find the answer to your Linux question:
Results 1 to 3 of 3
Hey Guys , I came here just to seek some help regarding Tcpdump in Linux . I have certain specific requirements and would be good if any of you can ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2010
    Posts
    2

    Question Need help with Tcpdump in Linux


    Hey Guys ,

    I came here just to seek some help regarding Tcpdump in Linux . I have certain specific requirements and would be good if any of you can quick suggest a solution to that . Requirement is something like this :

    We are having a Linux box with Tcpdump continuously running on it to monitor bunch of sources . Separate Tcpdump process runs in a background for each host for monitoring traffic . I use -w option with it to save the capture in the pcap format to analyze it later .

    Now what I need is , if the Linux machine gets rebooted amidst of its packet capturing activity , I want tcpdump to automatically start the process again for every host without overwriting previous captures . Remember : Without overwriting previous captures . .

    Basically , I will be keeping all the tcpdump commands in the shell script and will load the script at startup during the linux boot . Is there any way to achieve this case , where by on rebooting , Tcpdump does not overwrite previous captures ? ..

    Can somebody quickly suggest some scripting technique to achieve this ?

    Thanks in advance .

  2. #2
    Linux Newbie
    Join Date
    Apr 2007
    Posts
    119
    At the beginning of the script, archive any previous files that may be there before the tcpdump starts.

  3. #3
    Just Joined!
    Join Date
    Jul 2010
    Posts
    2
    Thanks for the reply buddy...

    I just forgot to document one more requirement ..Infact tcpdump should be never overwriting any of the captures taken from the same source ..Even if the script goes on for ever without machine getting rebooted... ..

    I think I 've got the solution to this ..We can basically have the tcpdump with -w option as ( src host + date time stamp )....

    I am checking to see if this works

    Thanks again..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •