
Thread: tcpdump script

  1. #1

    tcpdump script

    Hi all,

    I'm terribly new to Linux and have been tasked to do a few things with a machine running Debian. The purpose of it is to do packet captures on customer sites for my job. I have a NIC in a PCI-e slot that has four extra interfaces. Basically I need to be able to have tcpdump start capturing from any or all of the 4 interfaces when they are brought up (I have them all up when the system boots). I've tried various things but I'm having a tough time doing it. The parameters by which we want to capture are | tcpdump -ni eth? -w cap-$(date +%Y%m%d%k%M%S)-eth? -C 500 &

    Does anyone have any suggestions for me? I've been beating my head against the wall for the last two days and I'm basically looking for anything that would help.

  2. #2
    your tcpdump command looks okay. what is your problem exactly? is it having the tcpdumps start at system boot? if so, try creating an initscript containing all your tcpdump commands and put it where debian will execute it.

    here's an example script:
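    #!/bin/sh
    # start one background capture per interface
    start() {
      tcpdump -ni eth0 -w /tmp/cap0.log -C 500 &
      tcpdump -ni eth1 -w /tmp/cap1.log -C 500 &
      tcpdump -ni eth2 -w /tmp/cap2.log -C 500 &
      tcpdump -ni eth3 -w /tmp/cap3.log -C 500 &
    }
    # dispatch on the first argument
    case $1 in
      start) start ;;
      *)
        echo "Usage: $0 {start}"
        exit 1
        ;;
    esac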
    call it "tcpdumper" and put it in the /etc/init.d/ directory. make it executable:
    chmod +x /etc/init.d/tcpdumper
    Test it from the command line, e.g.:
    /etc/init.d/tcpdumper start
    then follow the steps here for making Debian startup process aware of it. look under the section labeled 11.6.
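
An added example, not part of either post above: an init-style script that starts one capture per interface whose link is up, using the tcpdump options and file-name pattern from the first post. `CAP_DIR`, the `.pid` files and the function names are assumptions; `%H` replaces `%k` in the timestamp because `%k` pads single-digit hours with a space, which would split the unquoted file name.

```shell
#!/bin/sh
# Added example, not from the thread. CAP_DIR is an assumed path.
IFACES="${IFACES:-eth0 eth1 eth2 eth3}"   # names used in the thread
CAP_DIR="${CAP_DIR:-/var/log/tcpdumper}"  # must be writable by the user tcpdump runs as
SYS_NET="${SYS_NET:-/sys/class/net}"      # overridable for testing
TCPDUMP="${TCPDUMP:-tcpdump}"

# Print each interface in $IFACES whose operstate is "up".
up_ifaces() {
  for i in $IFACES; do
    [ "$(cat "$SYS_NET/$i/operstate" 2>/dev/null)" = up ] && echo "$i"
  done
  return 0
}

# Capture file name: cap-<timestamp>-<iface> ($1 = iface, $2 = timestamp).
cap_file() {
  echo "$CAP_DIR/cap-$2-$1"
}

start_captures() {
  mkdir -p "$CAP_DIR" || return 1
  ts=$(date +%Y%m%d%H%M%S)   # %H is zero-padded, so the name never contains a space
  for i in $(up_ifaces); do
    "$TCPDUMP" -ni "$i" -w "$(cap_file "$i" "$ts")" -C 500 &
    echo $! > "$CAP_DIR/$i.pid"   # remember the PID so stop can find it
  done
}

stop_captures() {
  for p in "$CAP_DIR"/*.pid; do
    [ -f "$p" ] || continue
    kill "$(cat "$p")" 2>/dev/null || true
    rm -f "$p"
  done
}

case "${1:-}" in
  start) start_captures ;;
  stop)  stop_captures ;;
  "")    ;;  # no argument: only define the functions
  *)     echo "Usage: $0 {start|stop}" >&2; exit 1 ;;
esac
```

Keeping captures in a dedicated directory instead of /tmp avoids writing predictable file names as root into a world-writable location.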
