tcpdump -G option command format

Asked by richardk

From the <tcpdump> manual page

       -G If specified, rotates the dump file specified with the -w option
              every rotate_seconds seconds. Savefiles will have the name
              specified by -w which should include a time format as defined by
              strftime(3). If no time format is specified, each new file will
              overwrite the previous.

              If used in conjunction with the -C option, filenames will take
              the form of ‘file<count>’.

I am running Ubuntu 11.11 on my HP Probook (2.2G dual core, 2GB memory, 125G hard disk)

I try to capture the eth0 interface packets and create individual capture files every 1 min. using the following command:

# sudo tcpdump -i eth0 -s 1538 -G 60 -w tst20120323151100.cap

where the savefile format is tstyyyymmddhhmmss.cap

However, Ubuntu just overwrites the captured data in the same file <tst20120323151100.cap> every 60 seconds;
it does not create individual files as mentioned in the man page.

It could be that the file format is incorrect. What is the real capture file format I should enter?

Thanks in advance!

-ricky-

Question information

Language: English
Status: Solved
For: Ubuntu tcpdump
Assignee: No assignee
Solved by: richardk

richardk (richardkfk) said :
#1

Hi,

After overnight research, I have figured out how the strftime() format should be put on the savefile.

The following will work!!

# sudo tcpdump -i eth0 -s 1538 -G 60 -w tst%y%m%d%H%M%S.cap

The capture files will be saved on the hard disk every 60 sec as:

t120324131811.cap
t120324131911.cap
t120324132011.cap
t120324132111.cap
...
...

cheers n regards,

-richard-
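
The check below is an added example, not part of the original thread and not tcpdump's own code. It tests a -w template before a rotating capture is started: the template must contain a strftime(3) conversion, and it must change at least once per -G interval, otherwise successive rotations land on the same name and overwrite each other. The helper names (has_time_format, expand_at, preview_rotation) and the start timestamp are made up for the illustration.

```shell
#!/bin/sh
# Added example: preview the savefile names a "-G <interval> -w <template>"
# capture would produce, and refuse templates that lead to overwritten files.

# Succeeds if the template holds at least one strftime(3) conversion.
# "%%" is a literal percent sign, so it is removed before the check.
has_time_format() {
    stripped=$(printf '%s' "$1" | sed 's/%%//g')
    printf '%s' "$stripped" | grep -q '%[A-Za-z]'
}

# Expand the template for one epoch timestamp in the local time zone.
# GNU date takes "-d @EPOCH"; BSD date takes "-r EPOCH".
expand_at() {
    date -d "@$2" +"$1" 2>/dev/null || date -r "$2" +"$1"
}

# preview_rotation TEMPLATE START_EPOCH INTERVAL COUNT
# Prints one name per rotation. Returns 1 if the template has no time
# format, 2 if two rotations map to the same name.
# Assumes the template contains no spaces.
preview_rotation() {
    template=$1 start=$2 interval=$3 count=$4
    has_time_format "$template" || {
        echo "no strftime format: every rotation overwrites $template" >&2
        return 1
    }
    i=0 names=""
    while [ "$i" -lt "$count" ]; do
        name=$(expand_at "$template" $((start + i * interval)))
        case " $names " in
            *" $name "*)
                echo "collision: $name is reused, template is coarser than -G" >&2
                return 2 ;;
        esac
        names="$names $name"
        echo "$name"
        i=$((i + 1))
    done
}

# Constructed sample: three 60-second rotations from a fixed start time.
preview_rotation 'tst%y%m%d%H%M%S.cap' 1332595091 60 3
```

A template such as tst%H%M.cap passes the first check but collides when the -G interval is 30 seconds, which is the same overwrite the question describes in a less obvious form.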