The UNIX and Linux Forums  

Post #2, 07-07-2009
gratuitous_arp (Registered User, Join Date: Jul 2009, Posts: 10)

A few ideas:

If you're happy with what you're doing except that you also want to delete old files, use a cron job or script that runs every 10 seconds (or whatever) and deletes any file (which must at least partially match the name you specify with the -w switch) exceeding the number of bytes you entered for the -C parameter for tcpdump.

You can use the "dst portrange" qualifier to search for packets with destination ports not exceeding 9999 (i.e., tcpdump -i eth0 dst portrange 0-9999).

If you have some script that reads these files in and parses them for information then deletes them, you could save yourself the bother of writing a file, and instead use tcpdump's -l option to enable line buffering. This will let you pipe the output of tcpdump directly into a command(s) for parsing.

Good luck.
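
The cleanup idea from the first suggestion, as an added example that is not part of the original post: a shell function that deletes capture files whose names start with the -w name and whose size exceeds the -C limit, leaving the smaller file tcpdump is still writing. It assumes tcpdump's documented behaviour that -C is given in millions of bytes and that rotated files get a number appended to the -w name; the directory and file names in the comments are constructed.

```shell
#!/bin/sh
# prune_captures DIR PREFIX LIMIT_BYTES
#   DIR          directory the capture files are written to
#   PREFIX       the file name given to tcpdump -w (rotated files are
#                PREFIX, PREFIX1, PREFIX2, ...)
#   LIMIT_BYTES  the -C value times 1000000 (-C 10 -> 10000000)
# Prints the number of files removed.
#
# Constructed usage, for a capture started with
#   tcpdump -i eth0 -C 10 -w /var/tmp/cap/trace
# and pruned every 10 seconds:
#   while sleep 10; do prune_captures /var/tmp/cap trace 10000000; done
prune_captures() {
    dir=$1 prefix=$2 limit=$3
    removed=0
    for f in "$dir"/"$prefix"*; do
        # Skip an unmatched glob, directories, and symlinks: the script
        # usually runs as root, so it should only act on plain files.
        [ -f "$f" ] || continue
        [ ! -L "$f" ] || continue
        # Arithmetic expansion strips any padding wc adds around the number.
        size=$(($(wc -c < "$f")))
        # A file over the limit has already been closed by tcpdump; the
        # file still being written is below it and is left alone.
        if [ "$size" -gt "$limit" ]; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}
```

Because the match is a plain prefix, any other file in that directory whose name starts the same way and is over the limit is deleted too, so give the captures a directory of their own.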