omega341991 06-07-2012 08:22 AM

How to kill tcpdump execution after data transmission is complete?
How can I kill (stop) a tcpdump capture after a test device transmitting the data has stopped transmission?
I cannot specify the count as

tcpdump -c 1000

I don't want it this way.

Suppose that a device is transmitting 1000 packets. I want to stop the capture process after the transmission of the 1000 packets is complete and, as I said before, I don't want to limit the capture process at the tcpdump capture.

acid_kewpie 06-07-2012 08:46 AM

You kill the process somehow. You know when the transfer is complete, right? So just pkill the tcpdump process as the next line in a wrapper script or some such.

omega341991 06-08-2012 01:20 AM

I don't know when the transfer is complete. That is the problem. Earlier I used a "timeout" to kill the process, but I found that it is not efficient at all. Hence I am looking for some other way to stop the dump process. Can I kill the process if no packets are received?
The tcpdump goes idle when there is no data reception. So can I use this aspect somehow to kill the dump process?

acid_kewpie 06-08-2012 02:52 AM

Not within tcpdump itself, no. You could look at the size or age of the capture file though, maybe. Offhand I can't recall if a file that's still open would have its creation dates changed. But either of those angles would let you loop around until something about the output file is seen to be static, suggesting an end to the transfer.
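
The file-size angle from the last reply, written out as an added example that is not part of the original thread: a wrapper polls the capture file and sends SIGTERM to tcpdump once the file has grown and then stayed the same size for a set number of seconds. The function names `file_size` and `stop_when_idle`, the interface `eth0` and the path `/tmp/capture.pcap` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stop a capture once its output file has stopped growing.
# Usage (as root; interface and path are placeholders):
#   tcpdump -U -i eth0 -w /tmp/capture.pcap &     # -U: write each packet as it arrives
#   stop_when_idle $! /tmp/capture.pcap 10

# file_size FILE: print the size in bytes, or 0 if FILE does not exist yet.
file_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# stop_when_idle PID FILE IDLE_SECS [POLL_SECS]
# Returns 0 after stopping PID because FILE stayed static for IDLE_SECS,
# or 1 if PID ended by itself first. Whole seconds only.
stop_when_idle() {
    pid=$1; file=$2; idle=$3; poll=${4:-1}
    # Wait for the capture header so an empty file is not taken as the baseline.
    while [ ! -s "$file" ] && kill -0 "$pid" 2>/dev/null; do sleep "$poll"; done
    base=$(file_size "$file"); last=$base; quiet=0
    while kill -0 "$pid" 2>/dev/null; do
        sleep "$poll"
        now=$(file_size "$file")
        if [ "$now" -ne "$last" ]; then
            last=$now; quiet=0                 # still growing: reset the idle clock
        elif [ "$now" -gt "$base" ]; then      # only count idle time once data has arrived
            quiet=$((quiet + poll))
            if [ "$quiet" -ge "$idle" ]; then
                kill -TERM "$pid" 2>/dev/null || true   # SIGTERM lets tcpdump close the file
                wait "$pid" 2>/dev/null || true
                return 0
            fi
        fi
    done
    return 1
}
```

Without `-U` tcpdump buffers its output, so the file can look static while packets are still arriving. Set IDLE_SECS longer than any pause expected inside the transmission, otherwise a lull is taken for the end of the transfer.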

