Shell scripts using tcpdump

Posted on 2007-07-19
Last Modified: 2013-12-26
I need to write a script that executes tcpdump, writing the contents to a file, and then another which terminates tcpdump, and then use cron to have them execute at a specific time.  So far, I have the following for the first script:

#!/bin/sh
today=`date +%Y%m%d`
# -s 1500: snaplen large enough that no packet is truncated (the -s value was left out above by mistake)
tcpdump -i eth0 -s 1500 -w ${today}.cap

The scripts are executed on an old PC serving as a firewall in the house, so I don't mind having a program running all day and being unable to access the prompt (I don't even have a monitor attached to it.)  The only problem is, the script continues running, so the Ctrl + X combination won't give you a clean exit from tcpdump; it does nothing.  Any ideas?
Question by:paulzeromi

    Expert Comment

    by:Kerem ERSOY

    I think this option -s must be in error. You need to have a snaplen, or just remove the option, since the default 68 bytes are sufficient.

    In fact, while the script is running you can safely hit Ctrl + C and tcpdump will close its files and exit cleanly. What else do you want to get? Do you need several files, one for each hour? Why do you want to use cron here?


    Author Comment

    In reference to -s, I mistyped above.  It should be followed by 1500, to ensure that tcpdump doesn't cut a packet short.

    I wanted to use cron so that I could have the script execute during peak usage hours, a time when I am unfortunately away from my desk for extended periods.  That way, I can analyze the packet data later on if there is an issue.  My plan was to have the script discussed above executed at 8, and then to have another script run at 5 which terminated the tcpdump. In another issue, how can I have a shell script emulate a keystroke, Ctrl+C in this case, to terminate a program?

    Accepted Solution

    You don't need to emulate a Ctrl + C.

    Just run the first script at 5:00, then create another script:

    #!/bin/sh
    # killall sends SIGTERM by default; tcpdump catches it, flushes and closes the capture file
    /usr/bin/killall tcpdump

    Run this one at 8:00 so that it will quit the script.
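    As an added example (my code, not from this thread or from either poster), here is the accepted approach written as one script that cron calls with "start" and "stop". Instead of killall, which would also hit any other tcpdump running on the box, the start step records the PID and the stop step signals only that process; the stop step relies on the fact that SIGTERM makes tcpdump flush and close its savefile just as Ctrl + C (SIGINT) does. The interface eth0, the directory /var/log/captures, the PID file /var/run/tcpdump-capture.pid, the install path /usr/local/sbin/capture.sh and the 08:00/17:00 weekday schedule are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread: one script that cron calls
# with "start" and "stop" so no Ctrl+C has to be emulated.  The interface,
# directories, install path and schedule below are assumptions.

CAP_IF="${CAP_IF:-eth0}"                            # interface to capture on
CAP_DIR="${CAP_DIR:-/var/log/captures}"             # absolute path: cron's cwd is not where you think
PIDFILE="${PIDFILE:-/var/run/tcpdump-capture.pid}"  # where the running capture's PID is kept
SCRIPT="${SCRIPT:-/usr/local/sbin/capture.sh}"      # where this script is installed (assumed)

# Dated capture file, e.g. /var/log/captures/20070719.cap
capture_file() {
    printf '%s/%s.cap\n' "$CAP_DIR" "$(date +%Y%m%d)"
}

# Start tcpdump detached from any terminal and remember its PID so the stop
# step signals exactly this process.  -s 0 records whole packets, -n avoids
# DNS lookups, -U flushes each packet to the file so a crash loses little.
# Needs root (or CAP_NET_RAW) to open the interface.
start_capture() {
    mkdir -p "$CAP_DIR"
    if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        echo "capture already running (pid $(cat "$PIDFILE"))" >&2
        return 1
    fi
    nohup tcpdump -i "$CAP_IF" -n -U -s 0 -w "$(capture_file)" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

# Stop the capture.  SIGTERM does for tcpdump what Ctrl+C's SIGINT does:
# it flushes buffers and closes the savefile cleanly.
stop_capture() {
    if [ ! -f "$PIDFILE" ]; then
        echo "no capture running" >&2
        return 1
    fi
    pid=$(cat "$PIDFILE")
    if ! kill -TERM "$pid" 2>/dev/null; then
        echo "stale pidfile: pid $pid is not running" >&2
        rm -f "$PIDFILE"
        return 1
    fi
    # give tcpdump a few seconds to exit before cleaning up the PID file
    i=0
    while kill -0 "$pid" 2>/dev/null && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    rm -f "$PIDFILE"
}

# Crontab entries for the schedule in the question (start 08:00, stop 17:00,
# weekdays).  Install them with "crontab -e" as a user allowed to run tcpdump.
cron_lines() {
    printf '0 8 * * 1-5 %s start\n' "$SCRIPT"
    printf '0 17 * * 1-5 %s stop\n' "$SCRIPT"
}

case "${1:-}" in
    start) start_capture ;;
    stop)  stop_capture ;;
    cron)  cron_lines ;;
esac
```

    Two caveats a practitioner will hit with the killall version: cron runs with a minimal PATH and an unpredictable working directory, so use full paths for both the tcpdump binary and the capture file (a relative ${today}.cap from cron lands in the cron user's home directory), and on Solaris killall kills every process on the system rather than every process with a given name (pkill is the portable choice there). If the capture file grows too large over a working day, tcpdump's -C/-G options rotate it by size or time, and -Z user drops privileges after the interface is opened where the tcpdump build supports it.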

    Expert Comment

    by:Kerem ERSOY
    The scripts that are executing in the background, started from cron, are not assigned to a terminal, so they will do nothing with an emulated Ctrl + C. Ctrl + C is a function of your shell to terminate the foreground task, so it is useless in this sense.
