Split pcap files automatically though tcpdump

Question

I would like to execute a tcpdump , which generates a new file after one 2GB file.
As much as I know from an other post it's not possible to generate files bigger than 2 GB.
That's the tcpdump I'm currently looking at:

tcpdump -C 100 -W 2048 -w /tmp/example.pcap

It should create a new pcap file(example.pcap00, example.pcap01) every 2GB, but it doesn't. Probably because I'm trying to write it on an external disk. So I think I need to create the files before I write tcpdump data in it.
How can I do that?
It should create new files with 2GB pcap data until the 1TB HD is full. So I cannot really use the -C option, because I don't know how much I need in advance.
What's the best way to go with my problem?

Answer 1

As much as I know from an other post it's not possible to generate files bigger than 2 GB.

That depends on the OS on which you're running, whether you're running on a 64-bit machine (for some OSes; for OS X and *BSD, it doesn't matter), the version of libpcap tcpdump is using, and how that version of libpcap was built.

tcpdump -C 100 -W 2048 -w /tmp/example.pcap

Which means "change the file you're writing to when the file gets bigger than 100 million bytes, and have no more than 2048 files". (No, -W doesn't specify the maximum file size.)

It should create a new pcap file(example.pcap00, example.pcap01) every 2GB,

No, every 100 million bytes. Read the fine manual page.

but it doesn't. Probably because I'm trying to write it on an external disk.

Why would the external disk have anything to do with this?

If "it doesn't", does that mean "it doesn't create new files, it just keeps writing to the old file" or "it reports an error and quits after writing to the first file"? If it's the latter, you might want to see the answer to this question.