How to schedule tcpdump to run for a specific period of time?

Gary picture Gary · Sep 8, 2014 · Viewed 73.6k times · Source

Each time, when I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with cronjob and I only need it to run for 1 and half hours. Without manually running Ctrl+C or kill command, how can it be stopped automatically? Here is the command I am testing:

tcpdump -i eth0 'port 8080' -w  myfile

I can schedule another cronjob to kill the tcpdump process, but it seems not a good idea.

Answer

Paul Rubel picture Paul Rubel · Sep 8, 2014

You can combine -G {sec} (rotate dump files every x seconds) and -W {count} (limit # of dump files) to get what you want:

tcpdump -G 15 -W 1 -w myfile -i eth0 'port 8080'

would run for 15 seconds and then stop. Turn 1.5 hours into seconds and it should work.