This quick article is more for me to have a safe place to jot down this command so I don’t need to re-research it every time.
I want to take a packet capture with tcpdump on a server and have the file rotate every hour.
Command:
tcpdump icmp -G 3600 -W 8 -w icmp-%Y-%M-%d_%H.%M.%S.pcapLet’s break it down.
| tcpdump | The command we are executing to capture packets |
| icmp | In this example i’d only like to capture ICMP traffic |
| -G 3600 | I’d like the file to rotate every 3600 seconds (1 hour) |
| -W 8 | I’d like the application to only hold a max of 8 files |
| -w filename | The output file. In my example I have put placeholders that will print the date in the file capture |
Tony Fernandez 