

Shell scripts using tcpdump

Posted on 2007-07-19
Medium Priority
Last Modified: 2013-12-26
I need to write a script that executes tcpdump, writing the contents to a file, and then another which terminates tcpdump, and then use cron to have them execute at a specific time.  So far, I have the following for the first script:

today=`date +%Y%m%d`
tcpdump -i eth0 -s -w ${today}.cap

The scripts are executed on an old PC serving as a firewall in the house, so I don't mind having a program running all day and being unable to access  the prompt (I don't even have a monitor attached to it.)  The only problem is, the script continues running, so the Ctrl + X combination won't give you a clean exit from TCP dump, it does nothing.  Any ideas?
Question by:paulzeromi
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 19526269

I think this option -s must be in error. You need to have a snaplen or just remove the option, since the default 68 bytes are sufficient.

In fact, while the script is running you can safely hit Ctrl + C and tcpdump will close its files and exit cleanly. What else do you want to get? Do you need several files, one for each hour? Why do you want to use cron here?


Author Comment

ID: 19526342
In reference to -s, I mistyped above.  It should be followed by 1500, to ensure that tcpdump doesn't cut a packet short.

I wanted to use cron so that I could have the script execute during peak usage hours, a time when I am unfortunately away from my desk for extended periods.  That way, I can analyze the packet data later on if there is an issue.  My plan was to have the script discussed above executed at 8, and then to have another script run at 5 which terminated the tcpdump. In another issue, how can I have a shell script emulate a keystroke, Ctrl+C in this case, to terminate a program?
LVL 30

Accepted Solution

Kerem ERSOY earned 1400 total points
ID: 19526430
You don't need to emulate a Ctrl + C

Just run the first script at 5:00 then create another script:
/usr/bin/killall tcpdump

Run this one at 8:00 so that it will quit the script.
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 19526449
Scripts that are executing in the background, started from cron, are not assigned to a terminal, so they will do nothing with an emulated Ctrl + C. Ctrl + C is a function of your shell to terminate the foreground task. So it is useless in this sense.
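
An added example, not part of the original thread: a single start/stop script for cron that records tcpdump's PID and signals only that process, rather than every tcpdump on the box as `killall` does. The names `CAP_DIR` and `PID_FILE`, their default paths, and the script path in the crontab comment are assumptions.

```shell
#!/bin/sh
# Added example. CAP_DIR, PID_FILE and the script path are assumptions.
# crontab (start at 08:00, stop at 17:00):
#   0 8  * * * /usr/local/sbin/capture.sh start
#   0 17 * * * /usr/local/sbin/capture.sh stop
CAP_DIR=${CAP_DIR:-/var/log/pcap}
PID_FILE=${PID_FILE:-/var/run/capture.pid}
IFACE=${IFACE:-eth0}

# exec replaces the background subshell, so $! below is tcpdump's own PID.
capture_cmd() {
    exec tcpdump -i "$IFACE" -s 1500 -w "$1"
}

is_running() {
    [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null
}

start_capture() {
    if is_running; then
        echo "capture already running" >&2
        return 1
    fi
    mkdir -p "$CAP_DIR" || return 1
    # cron provides no terminal: detach stdin and discard output
    capture_cmd "$CAP_DIR/$(date +%Y%m%d).cap" </dev/null >/dev/null 2>&1 &
    echo "$!" > "$PID_FILE"
}

stop_capture() {
    is_running || { rm -f "$PID_FILE"; return 1; }
    pid=$(cat "$PID_FILE")
    # tcpdump closes the capture file cleanly on SIGTERM, as it does on Ctrl+C
    kill -TERM "$pid"
    tries=0
    while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 10 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    rm -f "$PID_FILE"
    ! kill -0 "$pid" 2>/dev/null
}

case "${1:-}" in
    start) start_capture ;;
    stop)  stop_capture ;;
esac
```

A PID file left behind after a reboot can point at an unrelated process that reused the number, so a production version should also confirm the process name before signalling it.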
