Why doesn't tcpdump run in background?
I'm not sure what you're trying to accomplish by having the startup script itself continue to run, but here's an approach that I think accomplishes what you're trying to do, namely start tcpdump and have it continue to run immune to hangups via nohup. I've simplified things a bit for illustrative purposes - feel free to add any variables back as you see fit, such as the nohup.out output directory, TIMESTAMP, etc.
Script #1: tcpdump_start.sh

    #!/bin/sh
    rm -f nohup.out
    nohup /usr/sbin/tcpdump -ni eth0 -s 65535 -w file_result.pcap &
    # Write tcpdump's PID to a file
    echo $! > /var/run/tcpdump.pid

Script #2: tcpdump_stop.sh

    #!/bin/sh
    if [ -f /var/run/tcpdump.pid ]
    then
        kill `cat /var/run/tcpdump.pid`
        echo tcpdump `cat /var/run/tcpdump.pid` killed.
        rm -f /var/run/tcpdump.pid
    else
        echo tcpdump not running.
    fi

To start tcpdump, just run tcpdump_start.sh.
To stop the tcpdump instance started with tcpdump_start.sh, just run tcpdump_stop.sh.
The captured packets will be written to the file_result.pcap file, and yes, it's a pcap file, not a text file, so it helps to name it with the proper file extension. The tcpdump statistics will be written to the nohup.out file when tcpdump is terminated.
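The stop script above signals whatever PID is stored in /var/run/tcpdump.pid, so a stale file or a reused PID can hit an unrelated process. As an added example (not part of the original answer), these POSIX shell functions confirm the PID still belongs to a process named tcpdump before killing it; the function names proc_name, pidfile_status and safe_stop are hypothetical, and the name lookup assumes Linux /proc with a ps fallback.

```shell
#!/bin/sh
# Added example: verify a PID file before signalling, so a stale or reused
# PID never causes an unrelated process to be killed.
# Intended use in tcpdump_stop.sh: safe_stop /var/run/tcpdump.pid tcpdump

# Print the command name of PID $1, or nothing if no such process exists.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm" 2>/dev/null
    else
        # Fallback where /proc is unavailable or the process is gone.
        ps -p "$1" -o comm= 2>/dev/null | sed 's/^ *//; s/ *$//'
    fi
}

# pidfile_status PIDFILE NAME
# Prints one of: absent | invalid | stale | mismatch | running
pidfile_status() {
    [ -f "$1" ] || { echo absent; return; }
    pid=$(cat "$1")
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return ;;   # empty or non-numeric content
    esac
    name=$(proc_name "$pid")
    if [ -z "$name" ]; then
        echo stale          # process is gone, file was left behind
    elif [ "$name" = "$2" ]; then
        echo running
    else
        echo mismatch       # PID now belongs to a different program
    fi
}

# safe_stop PIDFILE NAME: signal only when the PID still belongs to NAME.
# Prints the status it acted on; returns 1 and leaves the file on mismatch.
safe_stop() {
    st=$(pidfile_status "$1" "$2")
    case "$st" in
        running)       kill "$(cat "$1")" && rm -f "$1" ;;
        stale|invalid) rm -f "$1" ;;           # clean up, nothing to kill
        mismatch)      echo "refusing: PID in $1 is not $2" >&2; return 1 ;;
    esac
    echo "$st"
}
```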
I too had faced problems when running tcpdump over an SSH session. In my case, I was running:
sudo nohup tcpdump -w {pcap_dump_file} {filter} > /dev/null 2>&1 &
Running this command over a Paramiko SSH session as a background process was the problem.
To get around this, I used the Linux screen utility. screen is an easy-to-use tool for running long-lived processes as a service.