Sunday, May 1, 2016

Rotating traffic captures using tcpdump

To avoid creating large traffic captures using tcpdump, there are couple of interesting switches in tcpdump command which enable one to create rotating traffic captures, compress it on the fly etc.

ni :specifies the network interface on which to capture traffic
-s :; indicates a capture of the full size of the packet
-vvv : verbose
-w  :  indicates the file name and location in which the capture will be saved
-C  :  indicates the size of each file, after reaching this size file will be rotated
-W  :  indicates the number of files that will be stored
-z  :  to compress the file


For example,

tcpdump -ni eth1 -C 20 -z gzip -w /tmp/trace.pcap

This would create a file named trace.pcap...diameter.pcapX. After 20MB of data, (-C 20) tcpdump would create a file named diameter.pcapX and so on. and compress the capture files after tcpdump finished writing to them.

tcpdump -pni eth0 -s0 -C 100 -W 10 -w /tmp/capture

In this example, tcpdump starts capturing into capture1 until it reaches capture10. When it filled up capture10 with 100MB of data, it starts again, overwriting capture1. This way, your captures
will never use more then 1000MB of disk space.

4 comments:


  1. Everything is fine, am happy about your blog. Thanks admin for sharing the unique content, you have done a great job I appreciate your effort and I hope you will get more positive comments from the web users.

    SEO Company in Chennai

    ReplyDelete

  2. Great and useful article. Creating content regularly is very tough. Your points are motivated me to move on.


    SEO Company in Chennai

    ReplyDelete
  3. Thanks for this blog. provided great information. All the details are explained clearly with the great explanation. Thanks for this wonderful blog. Step by step processes execution are given clearly.Know the details about different thing.
    Web Development Company in India

    ReplyDelete

  4. Its a wonderful post and very helpful, thanks for all this information. You are including better information regarding this topic in an effective way.Thank you so much

    Personal Installment Loans
    Payday Cash Advance loan
    Title Car loan
    Cash Advance Loan

    ReplyDelete