I'm creating a multi-threaded script to SSH into various servers and run a live tcpdump on specific criteria.
The problem is I run into the issue of the tcpdump sessions continuing to run (indefinitely) after the script is killed or stops running. The SSH connection itself is killed. It's the tcpdump process on the remote computer that fails to stop running. How can I ensure the tcpdump processes are killed once the SSH connection ends? I have confirmed that running the below command (even manually) results in the tcpdump process not being killed when the SSH session is closed.
UPDATE: This seems to happen only when the tcpdump session is not actively outputting data. In other words, if I do something noisy like port 80, it closes after the SSH connection is closed. However, if the criteria are very specific (looking for a certain host or weird port), and no tcpdump output is happening, it just sits there running. I assume once it sees one packet perhaps it would close then?
Code:
ssh host '/usr/local/bin/tcpdump -i eth0 port 8043'
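
Added example, not part of the original post: a local reproduction of the behavior described in the UPDATE, using a FIFO whose reader exits in place of the closed SSH channel (no SSH or tcpdump is involved). The function name, the two stand-in commands and the one-second wait are assumptions of this example; it shows that a process with no terminal only learns its output channel is gone when it next writes to it.

```sh
#!/bin/sh
# Constructed local reproduction: a FIFO whose reader exits stands in for the
# SSH channel that closed. Without a pty the remote command is not signalled
# on disconnect; it only notices (SIGPIPE/EPIPE) the next time it writes.

# fate_after_reader_closes CMD
#   Runs CMD with stdout on a FIFO, closes the reading end, waits one second,
#   then prints "alive" if CMD was still running or "dead" if it had exited.
fate_after_reader_closes() (
    dir=$(mktemp -d) || exit 1
    mkfifo "$dir/chan"
    sh -c "$1" >"$dir/chan" &        # open() blocks until a reader appears
    pid=$!
    : <"$dir/chan"                   # reader opens, then closes at once
    sleep 1
    # TERM only takes effect if CMD is still running; wait then reports
    # 143 (128+SIGTERM) for a survivor, anything else for an earlier death.
    kill -TERM "$pid" 2>/dev/null || true
    rc=0
    wait "$pid" 2>/dev/null || rc=$?
    rm -rf "$dir"
    if [ "$rc" -eq 143 ]; then echo alive; else echo dead; fi
)

# Stand-in for a capture whose filter matches nothing: it never writes.
QUIET='exec sleep 30'
# Stand-in for a busy capture: it writes a line every 0.2 s.
NOISY='while echo pkt; do sleep 0.2; done'

# Run as "sh thisfile demo" to print both outcomes.
if [ "${1:-}" = demo ]; then
    echo "quiet: $(fate_after_reader_closes "$QUIET")"
    echo "noisy: $(fate_after_reader_closes "$NOISY")"
fi
```

For the real sessions, requesting a terminal with `ssh -tt host '...'` gives the remote command a pty, so it receives SIGHUP when the connection goes away instead of waiting for its next write.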