How can I use 'tcpdump' command to capture and save each received packets to separate files (having rotatation per packet without losing any packets).
Asked
Active
Viewed 376 times
1 Answers
3
How about saving dump to a file and then splitting that to separate files?
$ sudo tcpdump -c 10 -w mycap.pcap
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Packet Tap), capture size 65535 bytes
10 packets captured
you'll need to have wireshark installed for this to work (e.g. with brew install wireshark on Mac or apt-get on Ubuntu)
$ editcap -c 1 mycap.pcap output.pcap
10 packets captured -> 10 files created
$ ls -la output* | wc -l
10
Ivan
- 3,781
- 16
- 20