How can I have tcpdump write to file and standard output the appropriate data?

Here's a neat way to do what you want:

tcpdump -w - -U | tee somefile | tcpdump -r -

What it does:

-w - tells tcpdump to write binary data to stdout
-U tells tcpdump to write each packet to stdout as it is received, rather than buffering them and outputting in chunks
tee writes that binary data to a file AND to its own stdout
-r - tells the second tcpdump to get its data from its stdin

Since tcpdump ~~4.9.3~~ 4.99.0, the --print option can be used:

tcpdump -w somefile --print

Wednesday, December 30, 2020, by [email protected], denis and fxl.
  Summary for 4.99.0 tcpdump release
    [...]
    User interface:
      [...]
      Add --print, to cause packet printing even with -w.

How can I have tcpdump write to file and standard output the appropriate data?

Tags:

Linux

Tcpdump

Related

Recent Posts