Is there a way to explicitly set the maximum number of packets tcpdump will capture before terminating?

Question

We have a small script that essentially does the following:

A) Capture packets using tcpdump and pipe to output file.
B) Run our own clean + sort script on output file.
C) Display results using | sort | etc etc...

So, we were wondering if there is a tcpdump parameter that sets the number of packets tcpdump will capture before exiting?

Thanks.

score 2 · Accepted Answer · edited Aug 22 '22 at 12:42

2

tcpdump -c [count] is the option you're looking for.

-c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

edited Aug 22 '22 at 12:42

Alexander Suraphel

495
5
13

answered Oct 16 '13 at 12:26

jirib

1,240
8
15

Is there a way to explicitly set the maximum number of packets tcpdump will capture before terminating?

1 Answers1