How can I have tcpdump write to file and standard output the appropriate data?

linux tcpdump
user2565010 picture user2565010 · Sep 1, 2014 · Viewed 102k times · Source

I want to have tcpdump write raw packet data into a file and display packet analysis in standard output as the packets are captured (by analysis I mean the lines it displays normally when -w is missing). Can anybody please tell me how to do that?

Answer

cnicutar picture cnicutar · Sep 1, 2014

Here's a neat way to do what you want:

tcpdump -w - | tee somefile | tcpdump -r -

What it does:

  • -w - tells tcpdump to write binary data to stdout
  • tee writes that binary data to a file AND to its own stdout
  • -r - tells the second tcpdump to get its data from its stdin

Related questions

tcpdump: localhost to localhost

I write a program that send TCP packets from localhost to localhost. And I want to use tcpdump to capture the packets. But nothing is captured. My command in Ubuntu: sudo tcpdump What argument shall I add? Thanks!

Read More
How to schedule tcpdump to run for a specific period of time?

Each time, when I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with cronjob and I only need it to run for 1 and half hours. Without manually running Ctrl+…

Read More
How to display all data using tcpdump?

I am capturing network traffic by using tcpdump. The problem is: I can't see all capture data when the package is too long. For example, when the tcp frame length is more than 500, I just see 100-200 or less. How …

Read More