问题
Each time, when I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with cronjob and I only need it to run for 1 and half hours. Without manually running Ctrl+C or kill command, how can it be stopped automatically? Here is the command I am testing:
tcpdump -i eth0 'port 8080' -w myfile
I can schedule another cronjob to kill the tcpdump process, but it seems not a good idea.
回答1:
You can combine -G {sec} (rotate dump files every x seconds) and -W {count} (limit # of dump files) to get what you want:
tcpdump -G 15 -W 1 -w myfile -i eth0 'port 8080'
would run for 15 seconds and then stop. Turn 1.5 hours into seconds and it should work.
回答2:
you could use timeout
timeout 5400 tcpdump -i eth0 'port 8080' -w myfile
回答3:
You could do it like this:
tcpdump -i eth0 'port 8080' -w myfile &
pid=$!
sleep 1.5h
kill $pid
回答4:
The approach that worked best for me on Ubuntu 14.04
sudo -i
crontab -e
and then add the line
30 17 * * * /usr/sbin/tcpdump -G 12600 -W 1 -s 3000 -w /home/ubuntu/capture-file.pcap port 5060 or portrange 10000-35000
Notes
- -G flag indicate number of second for dump to run, this example runs daily from 5:30 PM to 9:00 PM
- -W is the number of iterations tcpdump will execute
- Cron job will not be added until you save and exit the file
- This example is for capturing packets of an Asterisk phone server
来源:https://stackoverflow.com/questions/25731643/how-to-schedule-tcpdump-to-run-for-a-specific-time-of-period