
I want to start a TCP program and capture the related packets, my shell script cap.sh is as below:

    #!/bin/sh
    # start capturing on eth0 in the background
    sudo tcpdump -i eth0 -w mypcap &
    sleep 3
    # run the TCP program whose traffic should be captured
    ./tcp_receiver
    sleep 2
    # look up tcpdump's PID in the process list and kill it
    x=`ps -ef|grep "tcpdump"|grep -v "grep"|awk '{print $2}'`
    sudo kill -9 $x

I run cap.sh

    sudo ./cap.sh

So in this shell I can actually run sudo without a password, and the host is just a virtual slice on a remote machine (a PlanetLab node). Although I can see the tcpdump process in ps -ef, it captures nothing: the mypcap file is 0 bytes after cap.sh finishes.

What are the potential reasons, and how can I make tcpdump capture packets from within a shell script? Thanks!

misteryes

2 Answers

Don't use kill -9. Not only is it almost always the wrong thing to do, it might be causing the problem here, by having buffered data be discarded rather than written to disk. Use plain old kill, or kill -2.

Another option is to add in the -U option to flush the output buffer after every packet.

evil otto
    Finding the PID by grepping the process list is also a bad idea. If there is any other instance of tcpdump, you will kill that process as well. Instead, save the PID after you start tcpdump using this answer: http://stackoverflow.com/a/1911387/138329 . – bradreaves Jun 24 '13 at 16:40
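A rewritten cap.sh that applies this answer and the comment above, as an added example (not the asker's script or the answerers' code): the PID comes from `$!` instead of grepping ps, tcpdump gets plain `kill` (SIGTERM) plus `-U`, and the script reports failure if the pcap is still empty. The `IFACE`/`PCAP`/`TCPDUMP` variables, the delay knobs and the "pass the program as arguments" convention are my additions.

```shell
#!/bin/sh
# cap.sh: capture the traffic of one program run, then stop tcpdump cleanly.
# Run as root (e.g. sudo ./cap.sh ./tcp_receiver). Compared with the script
# in the question: the PID comes from $! instead of grepping ps, tcpdump is
# stopped with SIGTERM (plain kill) so it can flush and close the file, and
# -U makes tcpdump write each packet as soon as it is captured.
IFACE="${IFACE:-eth0}"
PCAP="${PCAP:-mypcap}"
TCPDUMP="${TCPDUMP:-tcpdump}"     # command to run (overridable for testing)
START_DELAY="${START_DELAY:-3}"   # seconds to let tcpdump attach to IFACE
STOP_DELAY="${STOP_DELAY:-2}"     # seconds to let trailing packets arrive

# Launch tcpdump in the background and remember its PID in CAP_PID.
start_capture() {
    "$TCPDUMP" -i "$IFACE" -U -w "$PCAP" &
    CAP_PID=$!
}

# Stop the capture: SIGTERM lets tcpdump run its cleanup handler and finish
# the pcap; wait reaps it. Returns 0 once the process is gone, 1 if it had
# already exited (for instance because IFACE does not exist on this host).
stop_capture() {
    kill "$CAP_PID" 2>/dev/null || return 1
    wait "$CAP_PID" 2>/dev/null || true   # status is non-zero after a signal
    ! kill -0 "$CAP_PID" 2>/dev/null
}

# Run the given command under capture. Returns 0 only if tcpdump was still
# running when we stopped it and the pcap file ended up non-empty.
run_capture() {
    start_capture
    sleep "$START_DELAY"                  # let tcpdump open the interface
    "$@"                                  # the program under test
    sleep "$STOP_DELAY"                   # let trailing packets arrive
    if ! stop_capture; then
        echo "tcpdump was no longer running (wrong interface? not root?)" >&2
        return 1
    fi
    if ! [ -s "$PCAP" ]; then
        echo "$PCAP is empty: nothing captured on $IFACE" >&2
        return 1
    fi
}

if [ $# -gt 0 ]; then
    run_capture "$@"
else
    echo "usage: $0 <program> [args...]" >&2
fi
```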

One potential reason: eth0 doesn't exist in the virtualised environment.

tink