
Why doesn't tcpdump run in background?


I'm not sure what you're trying to accomplish by having the startup script itself continue to run, but here's an approach that I think accomplishes what you're trying to do, namely start tcpdump and have it continue to run immune to hangups via nohup. I've simplified things a bit for illustrative purposes - feel free to add any variables back as you see fit, such as the nohup.out output directory, TIMESTAMP, etc.

Script #1: tcpdump_start.sh

#!/bin/sh
rm -f nohup.out
nohup /usr/sbin/tcpdump -ni eth0 -s 65535 -w file_result.pcap &
# Write tcpdump's PID to a file
echo $! > /var/run/tcpdump.pid

Script #2: tcpdump_stop.sh

#!/bin/sh
if [ -f /var/run/tcpdump.pid ]
then
        kill `cat /var/run/tcpdump.pid`
        echo tcpdump `cat /var/run/tcpdump.pid` killed.
        rm -f /var/run/tcpdump.pid
else
        echo tcpdump not running.
fi

To start tcpdump, just run tcpdump_start.sh.
To stop the tcpdump instance started with tcpdump_start.sh, just run tcpdump_stop.sh.

The captured packets will be written to the file_result.pcap file, and yes, it's a pcap file, not a text file, so it helps to name it with the proper file extension. The tcpdump statistics will be written to the nohup.out file when tcpdump is terminated.
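
The stop script above signals whatever number is stored in /var/run/tcpdump.pid, and after a crash or reboot that PID can belong to an unrelated process. The following is an added example, not part of the original answer, of a stop routine that validates the PID file before sending a signal; the function names, the status codes and the PIDFILE override are assumptions made for this example.

```shell
#!/bin/sh
# Added example; PIDFILE default, function names and status codes are assumptions.
PIDFILE="${PIDFILE:-/var/run/tcpdump.pid}"

# Print the command name of PID $1, or nothing if no such process exists.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null
    fi
}

# pidfile_status FILE NAME
#   0  FILE holds the PID of a live process named NAME
#   1  FILE does not exist
#   2  FILE does not contain a plain decimal PID
#   3  PID is dead or belongs to another program (stale file)
pidfile_status() {
    [ -f "$1" ] || return 1
    pid=$(cat "$1")
    case "$pid" in
        ''|*[!0-9]*) return 2 ;;
    esac
    name=$(proc_name "$pid") || name=""
    [ "${name##*/}" = "$2" ] || return 3
    return 0
}

# Stop the capture only when the PID file really points at tcpdump.
stop_capture() {
    rc=0
    pidfile_status "$PIDFILE" tcpdump || rc=$?
    case "$rc" in
        0) kill "$(cat "$PIDFILE")" && echo "tcpdump $(cat "$PIDFILE") stopped." ;;
        1) echo "tcpdump not running."; return 0 ;;
        2) echo "refusing: $PIDFILE does not contain a PID" >&2; return 1 ;;
        3) echo "stale PID file, no signal sent." >&2 ;;
    esac
    rm -f "$PIDFILE"
}
```

Calling stop_capture at the end of tcpdump_stop.sh in place of the bare kill keeps the same behaviour for a healthy capture while leaving unrelated processes alone.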


I too had faced problems when running tcpdump over an SSH session. In my case, I was running

sudo nohup tcpdump -w {pcap_dump_file} {filter} > /dev/null 2>&1 &

Running this command over a Paramiko SSH session as a background process was the problem.

To get around this, I used the screen utility of Linux. screen is an easy-to-use tool for running long-running processes as a service.