I have a problem capturing wifi data using tcpdump while running in the background.

OK, let's get some facts:

  • my wifi-device is named wlan0
  • wlan0 is in monitor mode (that's what I want)
  • I'm using tcpdump to capture packets

If I run my script manually in the shell, it works well. Now I want to capture all packets over a long period. I decided to put my script into /etc/rc.local which is executed at the system-start.

It looks like this:

```
tcpdump -l -i wlan0 | do_some_action.sh >/dev/null 2>&1
```

After a reboot I can see that all the data captured is being forwarded to my script. So far - so good.

30-60 minutes later no data is captured anymore. tcpdump is still running, but wlan0 seems to have gone to sleep.

I have to ifdown / ifup wlan0 to get some traffic again.

Could anybody explain what's going on here and how to fix this problem?

Mitch
  • It might be worth redirecting STDERR to a file rather than `/dev/null`. There might be some useful information in the error messages. Or maybe redirect the STDERR from the `tcpdump` command. – Ladadadada Nov 05 '13 at 13:02
  • Thank you for your reply. I already tried to remove the redirects. There was no info- or error output at all. – Mitch Nov 05 '13 at 13:24
  • Do you see any logs in /var/log/messages related to wlan0 after you start the capture? – Nehal Dattani Nov 05 '13 at 14:12
  • Relating to wlan0 there is only one entry. This is okay I think. `kernel: device wlan0 entered promiscuous mode` – Mitch Nov 05 '13 at 14:23