Tcpdump
General Information
Capturing packets with tcpdump
Checklist
- tcpdump package installed
Max File Size, Log Rotate Capture
This type of capture is intended for collecting packets for an extended period of time and limiting how much disk space is used.
tcpdump -s 0 -vvv -C 100 -W 50 -w /tmp/mycapture.pcap port 80
Explanation
- port 80 : Capture only traffic on port 80 (the filter expression goes after the options)
- -s 0 : Capture all packet contents
- -vvv : Max verbose logging details
- -C 100 : Store up to 100 MB of data per file
- -W 50 : Store 50 rollover files, then start over and overwrite the oldest (mycapture.pcap00 - mycapture.pcap49)
- -w /tmp/mycapture.pcap : Location and base name of the capture file(s)
100 MB per file x 50 rollover files = 5000 MB total disk space used.
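
The helper below is an added example, not part of the original page: it derives the -W value from a disk budget, refuses to build the command if the target filesystem cannot hold the whole ring, and lists ring files oldest-first once the ring has wrapped. The function names are hypothetical, and it assumes the decimal megabytes that -C uses and a POSIX df and ls.

```shell
#!/bin/sh
# Added example: plan and read back a tcpdump -C/-W ring buffer.
# Function names are illustrative; they are not from the page.

# ring_files BUDGET_MB FILE_MB -> largest -W value that fits the budget.
# tcpdump's -C unit is 1,000,000 bytes, so "MB" here is decimal.
ring_files() {
    budget=$1; per_file=$2
    [ "$per_file" -gt 0 ] && [ "$budget" -ge "$per_file" ] || return 1
    echo $(( budget / per_file ))
}

# free_mb DIR -> decimal MB available on the filesystem holding DIR.
free_mb() {
    df -Pk "$1" | awk 'NR==2 { printf "%d\n", $4 * 1024 / 1000000 }'
}

# ring_command DIR NAME BUDGET_MB FILE_MB FILTER...
# Prints the capture command, or fails if the ring would not fit on disk.
ring_command() {
    dir=$1; name=$2; budget=$3; per_file=$4; shift 4
    count=$(ring_files "$budget" "$per_file") ||
        { echo "budget is smaller than one file" >&2; return 1; }
    avail=$(free_mb "$dir")
    [ "$avail" -ge $(( count * per_file )) ] ||
        { echo "only ${avail} MB free in $dir" >&2; return 1; }
    echo "tcpdump -s 0 -vvv -C $per_file -W $count -w $dir/$name $*"
}

# ring_oldest_first PREFIX -> ring files ordered by modification time.
# After the ring wraps, the numeric suffix no longer matches capture order.
ring_oldest_first() {
    ls -tr "$1"[0-9]* 2>/dev/null
}

# Usage: ring_command /tmp mycapture.pcap 5000 100 port 80
#        ring_oldest_first /tmp/mycapture.pcap
```

Read the files in the order ring_oldest_first prints them when reconstructing a timeline; the file with the newest modification time is the one tcpdump is still writing.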