How to capture last N seconds of packets using tcpdump

tcpdump

How can I capture the last N seconds of packets using tcpdump?


If you just want tcpdump to run for n seconds and then quit, you could use timeout.

For example:

timeout 2 tcpdump -eni mon0

Otherwise I don't believe tcpdump has an option to do this.


I think the best way to accomplish this is with tcpdump's -G flag, which, when used with -w, will save your dump to a new file every N seconds. For instance:

tcpdump -w outfile-%s -G 10

This will create a new file with the name of 'outfile-XXXX' (where XXXX represents the number of seconds since epoch) every 10 seconds.

See the man pages for tcpdump(8) and strftime(3) for additional details.

Related

Start bash shell (cygwin) with correct path without changing directory
How to kill a zombie process on a mac
Incorrect keyboard mapping on Ubuntu under VirtualBox
How to make a file non-deletable on an USB drive?
Why is my crontab not running
What about IPv4 class E?
Partition used and available size in bytes
ATX power: 20 or 24 pins?
Extract and overwrite existing files
Is it possible to use yum to install a RPM file in Red Hat Linux?
How to restart launchd OS X without rebooting?
How to disconnect a network drive using powershell