Why do I need to run tcpdump with cron?
Sometimes problems happen while we are sleeping and have disappeared by the morning without any intervention.
Unfortunately we are then missing the diagnostic data needed to drive a proper root cause analysis.
And of course, even if we pray that those problems don't come back, they will come back.
So prepare yourself to take a tcpdump during the night and collect data! You can do it with the crontab!
What is needed?
The best option is to take the tcpdump with two scripts that are scheduled with the crontab.
- First script to start the tcpdump
- Second script to stop the tcpdump
Scripts
To get the tcpdump running you can use the following command within your first bash script (you can also refer to my previous article):
/usr/sbin/tcpdump -i $SET_INTERFACE -s0 -w "$SAVE_IN_FOLDER/$SAVE_AS_FILE"
To stop the tcpdump after a specific period of time you can use the following part in your second bash script:
#Stop tcpdump command
PID=$(/usr/bin/ps -ef | grep tcpdump | grep -v grep | grep -v ".sh" | awk '{print $2}')
# A plain kill sends SIGTERM, which lets tcpdump flush its write buffer and close the
# capture file; kill -9 (SIGKILL) can truncate the last packets of the pcap.
[ -n "$PID" ] && /usr/bin/kill $PID
You can find all scripts also here:
https://github.com/DanielSchwartz1/tcpdump
The scripts are called: tcpdump_getdata.sh & tcpdump_stop.sh
Crontab
This is the crontab for an example tcpdump which starts at 02:00am and stops at 02:05am.
0 2 * * * bash /tmp/tcpdump_getdata.sh
5 2 * * * bash /tmp/tcpdump_stop.sh
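A more robust version of the start/stop pair, as an added example that is not from the original article or its GitHub scripts: it records tcpdump's PID in a file instead of grepping ps (so no unrelated process can be matched) and stops the capture with SIGTERM so tcpdump flushes its buffer and closes the pcap cleanly. The capture directory, the PID file path, the interface name and the start/stop argument convention are assumptions.

```shell
#!/bin/sh
# Added example: schedule tcpdump from cron with a PID file (assumed paths, adjust as needed).
CAPTURE_DIR="${CAPTURE_DIR:-/var/tmp/tcpdump-cron}"
PID_FILE="${PID_FILE:-$CAPTURE_DIR/tcpdump.pid}"
INTERFACE="${INTERFACE:-eth0}"

# Capture file name from interface and timestamp, so each night's capture is kept.
capture_name() {  # $1 = interface, $2 = date string
    echo "$1-$2.pcap"
}

start_capture() {
    mkdir -p "$CAPTURE_DIR"
    # Refuse to start a second capture if the recorded PID is still alive.
    if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
        echo "capture already running" >&2
        return 1
    fi
    out="$CAPTURE_DIR/$(capture_name "$INTERFACE" "$(date +%Y%m%d-%H%M)")"
    /usr/sbin/tcpdump -i "$INTERFACE" -s0 -w "$out" &
    echo $! > "$PID_FILE"
}

# Stop the capture recorded in the PID file; returns 1 if there is nothing to stop.
stop_capture() {
    [ -f "$PID_FILE" ] || return 1
    pid=$(cat "$PID_FILE")
    if kill -0 "$pid" 2>/dev/null; then
        kill -TERM "$pid"   # SIGTERM: tcpdump flushes and closes the pcap, SIGKILL would not
        # Give it up to 5 seconds to exit.
        for _ in 1 2 3 4 5; do kill -0 "$pid" 2>/dev/null || break; sleep 1; done
    fi
    rm -f "$PID_FILE"
}

case "${1:-}" in
    start) start_capture ;;
    stop)  stop_capture ;;
esac
```

With this single script the two crontab entries become `0 2 * * * sh /tmp/tcpdump_cron.sh start` and `5 2 * * * sh /tmp/tcpdump_cron.sh stop` (script name assumed).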
Summary
The crontab can be very useful when you need to gather diagnosis data during a time you are not available (e.g. when you sleep).
With the scripts on my GitHub repository you should be able to take a tcpdump without problems.
If you want to know more about it, join my Slack Workspace or send me an email.
Stay up-to-date and subscribe to my Newsletter!