How to schedule tcpdump to run for a specific period of time?

Question

Each time, when I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with cronjob and I onl

Answer 1

You can use

watch tcpdump -i eth0 'port 8080' -w  myfile

This will run every 2 seconds.

Answer 2

You could do it like this:

tcpdump -i eth0 'port 8080' -w  myfile & 
pid=$!
sleep 1.5h
kill $pid

Answer 3

you could use timeout

timeout 5400 tcpdump -i eth0 'port 8080' -w myfile

Answer 4

The approach that worked best for me on Ubuntu 14.04

sudo -i
crontab -e

and then add the line

30 17 * * * /usr/sbin/tcpdump -G 12600 -W 1 -s 3000 -w /home/ubuntu/capture-file.pcap port 5060 or portrange 10000-35000

Notes

• -G flag indicate number of second for dump to run, this example runs daily from 5:30 PM to 9:00 PM
• -W is the number of iterations tcpdump will execute
• Cron job will not be added until you save and exit the file
• This example is for capturing packets of an Asterisk phone server

Answer 5

You can combine -G {sec} (rotate dump files every x seconds) and -W {count} (limit # of dump files) to get what you want:

tcpdump -G 15 -W 1 -w myfile -i eth0 'port 8080'

would run for 15 seconds and then stop. Turn 1.5 hours into seconds and it should work.