How to schedule tcpdump to run for a specific period of time?

Question

Each time, when I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with cronjob and I onl

Answer 1

The approach that worked best for me on Ubuntu 14.04

sudo -i
crontab -e

and then add the line

30 17 * * * /usr/sbin/tcpdump -G 12600 -W 1 -s 3000 -w /home/ubuntu/capture-file.pcap port 5060 or portrange 10000-35000

Notes

• -G flag indicate number of second for dump to run, this example runs daily from 5:30 PM to 9:00 PM
• -W is the number of iterations tcpdump will execute
• Cron job will not be added until you save and exit the file
• This example is for capturing packets of an Asterisk phone server