I am attempting to capture packets, gzip them, and overwrite the oldest file when about to run out of disk space:

tcpdump -ni eth0 -G 180 -w 'trace_%Y-%m-%d_%H:%M:%S.pcap' -z gzip

The one-liner is capturing packets and zipping them, but I am unable to set up a script for the overwriting part.

asked 09 Sep '14, 13:04 ksudi
One Answer:
You should look into using dumpcap instead of tcpdump. It's the capture engine {wire|t}shark uses to capture network traffic and write it to disk. It has multiple capture file options (-b) which can cycle files based on time, size and number of files.

answered 10 Sep '14, 03:50 Jaap ♦
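
Added example, not part of the original question or answer: the first function shows the dumpcap ring buffer the answer points to, and the other two are one way to prune the gzipped files produced by the tcpdump one-liner in the question. The function names, the capture directory argument and the byte budget are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, directory and budget are hypothetical.

# Option 1: dumpcap ring buffer (the -b option from the answer).
# -b duration:180 starts a new file every 180 s; -b files:N keeps N files
# and removes the oldest one on each rotation. This variant does not gzip.
start_ring_capture() {  # usage: start_ring_capture DIR NUM_FILES
    dumpcap -i eth0 -b duration:180 -b files:"$2" -w "$1/trace.pcap"
}

# Option 2: keep "tcpdump -G 180 -z gzip" and prune its output by size.
# Only completed *.pcap.gz files are counted, so the file tcpdump is
# still writing (plain .pcap) is never touched.
total_bytes() {  # usage: total_bytes DIR  -> prints the summed size in bytes
    sum=0
    for f in "$1"/trace_*.pcap.gz; do
        [ -f "$f" ] || continue          # glob matched nothing
        sum=$((sum + $(wc -c < "$f")))
    done
    echo "$sum"
}

# The trace_%Y-%m-%d_%H:%M:%S names sort chronologically, so the glob
# yields the oldest capture first.
prune_oldest() {  # usage: prune_oldest DIR MAX_BYTES
    for f in "$1"/trace_*.pcap.gz; do
        [ -f "$f" ] || continue
        if [ "$(total_bytes "$1")" -le "$2" ]; then
            break                        # back under budget
        fi
        rm -f -- "$f"
    done
    return 0
}
```

With the tcpdump variant, prune_oldest can be run from cron or a loop alongside the capture. With dumpcap, files:N multiplied by the expected per-file size bounds the disk usage directly.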