我正在尝试运行 tcpdump 来捕获加密流量的标头数据包。我尝试使用基于时间的轮换捕获来执行此操作。这是我正在运行的命令。
date +%y_%m_%d_%H_%M_%Ssudo tcpdump -nnSvvtttts 300 -G 600 -i eth0 -w /home/onion/tcpdump/encrypted_.pcap
我已将 -G 缩减为 10,尝试每 10 秒创建一个新文件,只是为了验证它是否正常工作,但最终仍然只有一个文件。我误解了 -G 手册页还是我遗漏了什么?
答案1
date在您提供的代码中删除和之间的空格后+,我看到正在创建旋转的文件:
[nevin-mac-mini:~] root# tcpdump -i en0 -nvv -w /tmp/encrypted_date+%y_%m_%d_%H_%M_%S.pcap -G 10
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C4875 packets captured
4876 packets received by filter
0 packets dropped by kernel
[nevin-mac-mini:~] root#
[nevin-mac-mini:~] root# ls /tmp/encr*
/tmp/encrypted_date+15_09_13_18_47_49.pcap
/tmp/encrypted_date+15_09_13_18_48_01.pcap
/tmp/encrypted_date+15_09_13_18_48_11.pcap
/tmp/encrypted_date+15_09_13_18_48_22.pcap
/tmp/encrypted_date+15_09_13_18_48_34.pcap
/tmp/encrypted_date+15_09_13_18_48_46.pcap
/tmp/encrypted_date+15_09_13_18_48_56.pcap
[nevin-mac-mini:~] root#
也许-G在之后有-w更重要的事情……?