How to capture tcpdump to a compress file in linux

linux compression tcpdump bzip2 bz2
Yasiru G picture Yasiru G · May 19, 2016 · Viewed 7.5k times · Source

I have a DNS server and I want to capture DNS traffic to get all the IPs which use my DNS server.

For this I start using following tcpdump command and capture them to a file:

tcpdump -n -i eth0 dst port 53 >> dns_data.log

But the file size is high when I run this for long time. How can I capture this to a compress file? I tried below command but its not working.

tcpdump -n -i eth0 dst port 53 | bzip2 -c >> dns_data.bz2

Answer

Anatoliy Orlov picture Anatoliy Orlov · May 19, 2016

Try something like tcpdump -G 3600 -w 'trace_%Y-%m-%d_%H:%M:%S.pcap' -z gzip

-G N means rotate every N (3600) seconds. -z command means run command(gzip) after rotation.

Related questions

Split files using tar, gz, zip, or bzip2

I need to compress a large file of about 17-20 GB. I need to split it into several files of around 1GB per file. I searched for a solution via Google and found ways using split and cat commands. But …

Read More
Excluding directory when creating a .tar.gz file

I have a /public_html/ folder, in that folder there's a /tmp/ folder that has like 70gb of files I don't really need. Now I am trying to create a .tar.gz of /public_html/ excluding /tmp/ This is the …

Read More
How to send a compressed archive that contains executables so that Google's attachment filter won't reject it

I have a directory that I want to compress to send it by e-mail, I've tried this: tar -cvf filename.tar.gz directory_to_compress/ But when I try to send it by e-mail, Google says: filename.tar.gz contains …

Read More