How to rotate tcpdump captured files such that multiple small dump files will get saved instead of single large file ?

Solution Verified - Updated -

Issue

  • Sometime the problem which needs to be debug using packet capture/tcpdump cannot be reprodued on will. Having tcpdump running for some long time till the problem happens again will create the capture file/.pcap file of several MiB/GiB, which will really be hard to open and handle in Wireshark.
  • So to tackle this sitution, how to do packet capture by tcpdump such that the dump files will get rotated and multiple small dump files will get saved instead of a single large file until the problem happens ?

Environment

  • Red Hat Enterprise Linux (RHEL), all versions
  • tcpdump

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content