Monday, November 5, 2012

tcpdump & tee

This is something I always forget how to do: run a tcpdump while both looking at the packets AND writing them to a file at the same time.  I always remember it involves 'tee', but never the exact syntax.  So, here is the command:

tcpdump -i eth1 -U -w - | tee dump.pcap | tcpdump -n -r -

This will:
  • Listen on eth1 (-i eth1)
  • Not wait until the output buffer fills before writing packets (-U)
  • Write packets to STDOUT (-w -)
  • Read from STDIN, write to the file, and write to STDOUT (tee dump.pcap)
  • Read packets from STDIN (and not resolve names) (tcpdump -n -r -)
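
An added example, not part of the original post: the same pipeline wrapped in a shell function that creates the capture file with owner-only permissions and refuses to overwrite an existing capture. The function name capture_tee and its argument order are assumptions; any extra arguments are passed to the capturing tcpdump as a filter expression.

```shell
# Added example: wrapper around the tcpdump | tee | tcpdump pipeline.
# capture_tee and its argument order are hypothetical, not from the post.
#
# Usage: capture_tee eth1 dump.pcap 'port 53'
capture_tee() {
    iface=$1
    outfile=$2
    if [ -z "$iface" ] || [ -z "$outfile" ]; then
        echo "usage: capture_tee <interface> <file.pcap> [filter...]" >&2
        return 2
    fi
    shift 2

    # A capture file is evidence: never clobber an earlier one.
    if [ -e "$outfile" ]; then
        echo "capture_tee: $outfile exists, refusing to overwrite" >&2
        return 1
    fi

    # Run in a subshell so the umask change does not leak to the caller.
    # umask 077 makes tee create the pcap readable by its owner only,
    # since raw packets can contain credentials and session data.
    (
        umask 077
        # -U flushes each packet to the pipe as it arrives, so the
        # reader at the end of the pipeline prints it without delay.
        tcpdump -i "$iface" -U -w - "$@" | tee "$outfile" | tcpdump -n -r -
    )
}
```

The exit status is that of the last command in the pipeline, the tcpdump that reads from STDIN.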
