How can I have tcpdump write to file and standard output the appropriate data?

Question

I want to have tcpdump write raw packet data into a file and display packet analysis in standard output as the packets are captured (by analysis I mean the lines it displays nor

Answer 1

Here's a neat way to do what you want:

tcpdump -w - | tee somefile | tcpdump -r -

What it does:

• -w - tells tcpdump to write binary data to stdout
• tee writes that binary data to a file AND to its own stdout
• -r - tells the second tcpdump to get its data from its stdin

Answer 2

If you want a way to do it without running tcpdump twice, consider:

sudo tcpdump port 80 -w $(tty) | tee /tmp/output.txt

From the interactive command prompt you could use $TTY instead of $(tty) but in a script the former wouldn't be set (though I'm not sure how common it is to run tcpdump in a script).

Side-note: it's not very Unix-y the way tcpdump by default makes you write to a file. Programs should by default write to stdout. Redirection to a file is already provided by the shell constructs. Maybe there's a good reason tcpdump is designed this way but I don't know what that is.

Answer 3

tcpdump ${ARGS} &
PID=$!
tcpdump ${ARGS} -w ${filename}
kill $PID