6

I am debugging a problem where two servers get stuck in a loop when they communicate with each other. After a server restart the problem will start at some point; it can be in an hour or in a day. I want to tcpdump the traffic when the problem starts so I can find out what makes it happen.

My plan is to restart the servers, then let tcpdump capture the traffic and then analyze the result. However, I would like tcpdump to stop after a few thousand packets have been captured to avoid having to monitor it, since I don't know when the traffic will start.

Does anyone have a suggestion?

ygram

2 Answers

13

See man tcpdump:

-c Exit after receiving count packets.

faker
-2

Type the command below:

sudo tcpdump -i eno1 -c [size]

The argument -i eno1 tells tcpdump to listen only on the eno1 interface, and -c [size] tells tcpdump to stop capturing after [size] packages have been captured. So tcpdump -i eno1 -c 2048 will stop after 2048 packages.

Jenny D
bhumit
  • You might want to add what parameter does what, especially given that the interface -i is not always named what you typed. Additionally, the answer to the question is already accepted, including the source, so your answer seems not to add anything relevant to the question, which might be the reason you got downvoted. – Dennis Nolte Feb 07 '19 at 09:40