I want to capture some traffic with tcpdump for troubleshooting. The problem is, the error is not reproducible. To avoid filling up the whole disk with captures, I would like to capture the traffic with some sort of sliding window.
Let's say I write the capture to a file and when the file reaches a size of 1GB it will drop the oldest packets and write the new ones. This way I would only get the traffic for some hours but hopefully enough to have the right packets when the user calls.
I couldn't find an option for tcpdump. Does someone have an idea how to solve this?
Best Answer
The -c option can help you with this:
So this would get you a circular traffic.dmp file:
If you dropped it in a for loop you could get a series of files:
Just adjust the numbers after you figure out some number that is not too big for your disk to capture a few hours' worth of packets.
-C also looks interesting:
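An added example, not part of the answer above: a POSIX shell wrapper around tcpdump's own ring buffer (-C combined with -W), which gives the sliding window the question asks for without looping over separate captures. The helper names, the eth0 interface and the /var/tmp/cap path are assumptions.

```shell
#!/bin/sh
# Sliding-window capture using tcpdump's built-in ring buffer (-C/-W):
#   -C <n>  start a new file every n million bytes (1,000,000, not 1 MiB)
#   -W <k>  keep only k files; once they are full, the oldest is overwritten
# Helper names, interface and paths below are assumptions for this example.

# ring_capture_cmd IFACE OUTFILE FILE_MB BUDGET_MB
# Prints a tcpdump command that keeps at most BUDGET_MB on disk, split into
# files of FILE_MB each (never fewer than 2 files, otherwise nothing rotates).
ring_capture_cmd() {
    iface=$1; out=$2; file_mb=$3; budget_mb=$4
    files=$(( budget_mb / file_mb ))
    if [ "$files" -lt 2 ]; then files=2; fi
    # -n: no reverse DNS (no stalls, no lookups leaving the box)
    # -s 0: whole packets; -Z nobody: drop root once the interface is open,
    #       so the output directory must be writable by that user
    printf 'tcpdump -n -i %s -s 0 -C %s -W %s -Z nobody -w %s\n' \
        "$iface" "$file_mb" "$files" "$out"
}

# ring_window_minutes BUDGET_MB MBITPS
# Rough length of the window in minutes for a sustained link rate in Mbit/s,
# to pick a budget that still covers a few hours before the user calls.
ring_window_minutes() {
    budget_mb=$1; mbitps=$2
    echo $(( budget_mb * 8 / (mbitps * 60) ))
}

# Example: 1 GB window on eth0 in 100 MB slices -> 10 files, oldest overwritten.
OUT=/var/tmp/cap/ring.pcap
CMD=$(ring_capture_cmd eth0 "$OUT" 100 1000)
echo "Would run: $CMD"
echo "At 1 Mbit/s sustained that window is about $(ring_window_minutes 1000 1) minutes"
# Set RUN_CAPTURE=1 to actually start capturing (needs root or CAP_NET_RAW).
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    mkdir -p "$(dirname "$OUT")" && chown nobody "$(dirname "$OUT")"
    exec $CMD
fi
```

The window estimate is a sustained-rate average; bursty links will hold less history than it suggests, so check the timestamp of the oldest file after the first rotation.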