Problem
As the packets are collected, I want tcpdump to write raw packet data to a file and also display packet analysis in standard output (by analysis I mean the lines it displays normally when -w is missing). Could someone possibly explain how to do this?
Asked by user2565010
Solution #1
Here’s a clever technique to accomplish your goal:
tcpdump -w - | tee somefile | tcpdump -r -
What it does:
Answered by cnicutar
Solution #2
The --print option has been available since tcpdump 4.99.0:
tcpdump -w somefile --print
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
Summary for 4.99.0 tcpdump release
[...]
User interface:
[...]
Add --print, to cause packet printing even with -w.
Answered by ysdx
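An added example, not part of either answer: a shell helper that reads the `tcpdump --version` banner and prints the Solution #2 command when the version is at least 4.99.0, otherwise the Solution #1 pipeline. The function names are hypothetical, and the `-U` flag (packet-buffered `-w` output, so the reading tcpdump prints promptly) is an addition to the pipeline shown above.

```shell
#!/bin/sh
# Pick the capture method from the tcpdump version banner (added example).

# Print the dotted version found in banner text $1, or nothing if absent.
tcpdump_version() {
    printf '%s\n' "$1" |
        sed -n 's/^tcpdump version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing field by field as numbers
# (so 4.100.0 > 4.99.0 and 4.9.3 < 4.99.0).
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        # Drop the field just compared; stop when no dot is left.
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# Print the command line for banner $1 writing the capture to file $2.
capture_cmd() {
    ver=$(tcpdump_version "$1")
    if [ -n "$ver" ] && version_ge "$ver" 4.99.0; then
        # --print exists from 4.99.0 on (Solution #2).
        printf 'tcpdump -w %s --print\n' "$2"
    else
        # Older or unrecognised build: tee the pcap stream (Solution #1).
        printf 'tcpdump -U -w - | tee %s | tcpdump -r -\n' "$2"
    fi
}

# Usage on a real host:
#   capture_cmd "$(tcpdump --version 2>&1)" somefile
```

An unparseable banner falls back to the tee pipeline, which works on any version.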
Solution #3
tcpdump ${ARGS} &
PID=$!
tcpdump ${ARGS} -w ${filename}
kill $PID
Answered by Trevor Boyd Smith
Solution #4
Consider the following option if you don’t want to run tcpdump twice:
sudo tcpdump port 80 -w $(tty) | tee /tmp/output.txt
You could use $TTY instead of $(tty) from the interactive command prompt, but the former would not be set in a script (though I’m not sure how common it is to execute tcpdump in a script).
The shell constructs already supply le. Maybe there’s a valid purpose for tcpdump’s design, but I’m not sure what it is.
Answered by Sridhar Sarnobat
Post is based on https://stackoverflow.com/questions/25603831/how-can-i-have-tcpdump-write-to-file-and-standard-output-the-appropriate-data