This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Linux CLI capture, zip and overwrite oldest capture

0

I am attempting to capture packets, gzip them and overwrite the oldest file when about to run out of disk space:

tcpdump -ni eth0 -G 180 -w 'trace_%Y-%m-%d_%H:%M:%S.pcap' -z gzip

The one-liner is capturing packets and zipping them, but I am unable to set up a script for the overwriting part.

asked 09 Sep '14, 13:04


ksudi
11113
accept rate: 0%


One Answer:

0

You should look into using dumpcap instead of tcpdump. It's the capture engine {wire|t}shark uses to capture network traffic and write it to disk. It has multiple capture file options (-b) which can cycle files based on time, size and number of files.

answered 10 Sep '14, 03:50


Jaap ♦
11.7k16101
accept rate: 14%
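As an added example (not part of the original question or answer), the POSIX shell script below shows both approaches side by side: the dumpcap ring-buffer command line that the answer recommends, where `-b duration:` rotates on time and `-b files:` makes dumpcap discard the oldest file itself so disk usage stays bounded, and a small pruning helper for the tcpdump `-G ... -z gzip` setup in the question, which deletes the oldest `trace_*.pcap.gz` files once more than a chosen number exist. The interface name `eth0`, the 180-second interval, the 50-file cap and the 100 MB file size are placeholder values chosen for the example; the `trace_` prefix matches the question's `-w` pattern.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed values: eth0, 180 s,
# 50 files, 102400 KB; the trace_ prefix follows the question's -w pattern.

# Build the dumpcap command that replaces the tcpdump one-liner.
# -b duration:N  starts a new file every N seconds (the tcpdump -G equivalent)
# -b files:N     keeps at most N files, overwriting the oldest automatically
# -b filesize:N  also caps each file at N kilobytes, so worst-case disk use
#                is files * filesize without any extra cleanup script
dumpcap_ring_cmd() {
    iface=$1; seconds=$2; maxfiles=$3; kb=$4
    printf 'dumpcap -i %s -b duration:%s -b files:%s -b filesize:%s -w trace.pcap\n' \
        "$iface" "$seconds" "$maxfiles" "$kb"
}

# Number of compressed traces currently in directory $1.
count_traces() {
    ls -1 "$1"/trace_*.pcap.gz 2>/dev/null | wc -l | tr -d ' '
}

# For the tcpdump -G ... -z gzip setup: keep at most $2 trace_*.pcap.gz files
# in directory $1, deleting the oldest first. Because the file names embed a
# zero-padded %Y-%m-%d_%H:%M:%S timestamp, plain name order is time order, so
# no mtime parsing is needed. Run it from cron, or from a wrapper script given
# to tcpdump's -z option that first gzips "$1" and then calls this function.
prune_oldest() {
    dir=$1; keep=$2
    count=$(count_traces "$dir")
    excess=$((count - keep))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$dir"/trace_*.pcap.gz | head -n "$excess" | while read -r f; do
        rm -f "$f"
    done
}
```

The dumpcap form is the simpler one: with `-b files:` there is nothing to script, and the capture never exceeds `files × filesize` on disk. The pruning helper only bounds the file count; if the goal is a free-space threshold instead, call it with a smaller `keep` when `df` reports the partition filling up.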