- 12-21-2009 #1 Just Joined!
- Join Date: Dec 2009
- Posts: 1
tcpdump - how to turn off
I've been instructed to capture packet traces. So I'll log on to my Linux box, and run the following command:
tcpdump port 80 -n -w packettrace.out -C 50 -W 100
As far as I can tell, this will give me all HTTP packets in a file, max file size 50MB, max files 100. My question is, once I'm done, how do I turn this off? Will it stop when I log off? In the same vein, do I need to stay logged on to my Linux box as long as I want the trace running?
- 12-22-2009 #2
man tcpdump
explains that -W will use up the maximum number of files, then start all over with the first one.
You can stop this by pressing <Ctrl>+<c>.
To have it run even after logging out, I would use screen
screen
tcpdump port 80 -n -w packettrace.out -C 50 -W 100
<Ctrl>+<a>, <d>
List all screen sessions:
screen -list
Re-attach:
screen -r <NUMBER_GIVEN_BY_SCREEN_LIST>
How to properly name a screen session, i.e. not just a number, is left as an exercise for the reader of
man screen
You must always face the curtain with a bow.
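An added example, not part of either post above: the same capture kept running after logout with nohup and a PID file instead of screen, then stopped later with SIGTERM, which tcpdump handles like Ctrl+C by closing the capture file cleanly. The function names and the PID file path are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: start the thread's tcpdump capture detached from the login
# session, and stop it later from any session run as the same user (or root).
# PIDFILE and the function names are assumptions, not part of the thread.

PIDFILE="${PIDFILE:-/tmp/packettrace.pid}"
CAPTURE_CMD="${CAPTURE_CMD:-tcpdump port 80 -n -w packettrace.out -C 50 -W 100}"

# True if the PID recorded in PIDFILE still refers to a live process.
capture_running() {
    [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

# Start the capture in the background; refuse to start a second copy.
capture_start() {
    if capture_running; then
        echo "capture already running (pid $(cat "$PIDFILE"))" >&2
        return 1
    fi
    # nohup makes the process ignore the SIGHUP sent when the session ends.
    # CAPTURE_CMD is left unquoted on purpose so it splits into arguments.
    nohup $CAPTURE_CMD >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Stop the capture and wait up to 5 seconds for it to exit.
capture_stop() {
    if ! capture_running; then
        rm -f "$PIDFILE"        # stale or missing PID file
        return 1
    fi
    pid=$(cat "$PIDFILE")
    # SIGTERM rather than SIGINT: a job backgrounded from a non-interactive
    # shell starts with SIGINT ignored, so TERM is the dependable choice.
    kill -TERM "$pid"
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    if kill -0 "$pid" 2>/dev/null; then
        echo "pid $pid did not exit" >&2
        return 1
    fi
    rm -f "$PIDFILE"
}
```

Source the file, call capture_start, and log out; log back in, source it again, and call capture_stop when the trace is no longer needed.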