Find the answer to your Linux question:
Results 1 to 2 of 2
Hi all, I'm terribly new to linux and have been tasked to do a few things with a machine running debian. The purpose of it is to do packet captures ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2012
    Posts
    1

    tcpdump script


    Hi all,

    I'm terribly new to linux and have been tasked to do a few things with a machine running debian. The purpose of it is to do packet captures on customer sites for my job. I have a NIC in a PCI-e slot that has four extra interfaces. Basically I need to be able to have tcpdump start capturing from any or all of the 4 interfaces when they are brought up (I have them all up when the system boots). I've tried various things but I'm having a tough time doing it. The parameters by which we want to capture are | tcpdump -ni eth? -w cap-$(date +%Y%m%d%k%M%S)-eth? -C 500 &

    Does anyone have any suggestions for me? I've been beating my head against the wall for the last two days and I'm basically looking for anything that would help.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    your tcpdump command looks okay. what is your problem exactly? is it having the tcpdumps start at system boot? if so, try creating an initscript containing all your tcpdump commands and put it where debian will execute it.

    here's an example script:
    Code:
    #!/bin/bash
    
    start() {
      tcpdump -ni eth0 -w /tmp/cap0.log -C 500 &
      tcpdump -ni eth1 -w /tmp/cap1.log -C 500 &
      tcpdump -ni eth2 -w /tmp/cap2.log -C 500 &
      tcpdump -ni eth3 -w /tmp/cap3.log -C 500 &
    }
    
    case $1 in
      start)
        start
        ;;
      *)
        echo "Usage: $0 {start}"
        exit 1
    esac
    call it "tcpdumper" and put it in the /etc/init.d/ directory. make it executable:
    Code:
    chmod +x /etc/init.d/tcpdumper
    Test if from the command line, e.g.:
    Code:
    /etc/init.d/tcpdumper start
    then follow the steps here for making Debian startup process aware of it. look under the section labeled 11.6.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •