How to rotate tcpdump captured files such that multiple small dump files will get saved instead of single large file ?

Solution Verified - Updated -

Issue

  • Sometime the problem which needs to be debug using packet capture/tcpdump cannot be reprodued on will. Having tcpdump running for some long time till the problem happens again will create the capture file/.pcap file of several MiB/GiB, which will really be hard to open and handle in Wireshark.
  • So to tackle this sitution, how to do packet capture by tcpdump such that the dump files will get rotate and multiple small dump files will get saved instead of single large file till the problem happens ?

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • tcpdump

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.