Notes on running tcpdump in the background

TL;DR

Write the capture to a file with tcpdump's -w option, and pass the -U option as well.

With the kill command, specify 12, the number that corresponds to SIGUSR2.

When troubleshooting in CI/CD and similar environments, you can write the capture out to a file and upload it as an artifact.

sudo tcpdump -U -i any -nn -w dump.pcap &   # -U: write each packet to the file as soon as it is received
pid=$!                                       # PID of the background job (sudo relays signals to tcpdump)
sleep 5
<do something>
sudo kill -12 "$pid"                         # 12 = SIGUSR2: flush the packet buffer into dump.pcap
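The same procedure as reusable shell functions for a CI job, added here as an example that is not part of the original memo. It assumes Linux, an installed tcpdump and passwordless sudo, and it sends SIGUSR2 by name rather than as 12, because that number holds on x86 and ARM but not on every architecture listed in signal(7).

```sh
# Added example, not from the original memo: the memo's procedure as shell
# functions for a CI job. Assumes Linux, tcpdump and passwordless sudo
# (set SUDO="" when the job already runs as root).
: "${SUDO=sudo}"
# Start a packet-buffered capture (-U) on interface $1, writing file $2.
# CAPTURE_PID is the sudo process; sudo relays the signals it gets to tcpdump.
start_capture() {
    $SUDO tcpdump -U -i "$1" -nn -w "$2" &
    CAPTURE_PID=$!
}
# Wait up to $2 seconds for file $1 to be non-empty. With -U tcpdump flushes
# the pcap file header on open, so an empty file means the capture never started.
wait_for_capture() {
    tries=${2:-10}
    while [ "$tries" -gt 0 ]; do
        [ -s "$1" ] && return 0
        tries=$((tries - 1)); sleep 1
    done
    return 1
}
# Flush buffered packets to disk. The signal is given by name: SIGUSR2 is 12
# on x86 and ARM but not on every architecture (see signal(7)).
flush_capture() { $SUDO kill -s USR2 "$1"; }
# Flush, then stop tcpdump with SIGINT and reap the job.
stop_capture() {
    flush_capture "$1"
    $SUDO kill -s INT "$1"
    wait "$1" 2>/dev/null || true
}
# Check the artifact before uploading it: a pcap file starts with its magic
# number, in either byte order, microsecond or nanosecond variant.
pcap_magic_ok() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}
# Capture on all interfaces while running "$@"; returns the command's status.
run_with_capture() {
    out=$1; shift
    start_capture any "$out"
    wait_for_capture "$out" 10 || { stop_capture "$CAPTURE_PID"; return 1; }
    status=0
    "$@" || status=$?
    stop_capture "$CAPTURE_PID"
    pcap_magic_ok "$out" || echo "warning: $out is not a pcap file" >&2
    return "$status"
}
if [ "${1:-}" = run ]; then shift; run_with_capture "$@"; fi
```

Invoke it as `sh capture.sh run dump.pcap <command>`; the command's own exit status is preserved, so a failing step still fails the job while dump.pcap is left behind for upload.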

References

tcpdump(1) man page

-w file Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is "-". This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received.

-U --packet-buffered (snip) If the -w option is specified, make the saved raw packet output "packet-buffered"; i.e., as each packet is saved, it will be written to the output file, rather than being written only when the output buffer fills.

Using the SIGUSR2 signal along with the -w flag will forcibly flush the packet buffer into the output file.

signal(7) — Linux manual page