LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-13-2014, 11:09 PM   #1
bigbot
LQ Newbie
 
Registered: Sep 2010
Posts: 6

Rep: Reputation: 0
Live Tcpdump over SSH


I'm creating a multi-threaded script to SSH into various servers and run a live tcpdump on specific criteria.

The problem is I run into the issue of the tcpdump sessions continuing to run (indefinitely) after the script is killed or stops running. The SSH connection itself is killed. It's the tcpdump process on the remote computer that fails to stop running. How can I ensure the tcpdump processes are killed once the SSH connection ends? I have confirmed that running the below command (even manually) results in the tcpdump process not being killed when the SSH session is closed.

UPDATE: This seems to happen only when the tcpdump session is not actively outputting data. In other words, if I do something noisy like port 80, it closes after the SSH connection is closed. However, if the criteria is very specific (looking for a certain host or weird port), and no tcpdump output is happening, it just sits there running. I assume once it sees one packet perhaps it would close then?

Code:
ssh host '/usr/local/bin/tcpdump -i eth0 port 8043'

Last edited by bigbot; 04-13-2014 at 11:14 PM.
 
Old 04-14-2014, 01:27 AM   #2
bigbot
LQ Newbie
 
Registered: Sep 2010
Posts: 6

Original Poster
Rep: Reputation: 0
Figured it out using the SSH option -t
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
tcpdump over ssh works only some times pingu Linux - Networking 1 01-31-2012 09:19 AM
[SOLVED] tcpdump sniffing encrypted ssh connections metallica1973 Linux - Server 5 09-14-2011 04:37 PM
Help understanding tcpdump and ssh security vonedaddy Linux - Security 2 07-10-2010 02:06 PM
[DD-WRT] Reading TCP-Packets via TCPDUMP trough SSH zeroXcool Linux - Networking 6 03-05-2009 02:14 PM
tcpdump loops in ssh jmARC Linux - Software 3 03-15-2005 09:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration