I want to start a TCP program and capture the related packets. My shell script cap.sh is as below:
sudo tcpdump -i eth0 -w mypcap &
sleep 3
./tcp_receiver
sleep 2
x=`ps -ef|grep "tcpdump"|grep -v "grep"|awk '{print $2}'`
sudo kill -9 $x
I run cap.sh with
sudo ./cap.sh
so actually in this shell I can run sudo without a password, and the host is just a virtual slice on a remote machine (a PlanetLab node).

Although I can see the tcpdump process in ps -ef, it captures nothing: I see the mypcap file is 0 bytes after cap.sh finishes.

What are the potential reasons, and how do I make tcpdump in a shell script capture the packets? Thanks!
Don't use kill -9. Not only is it almost always the wrong thing to do, it might be causing the problem here, by having buffered data be discarded rather than written to disk. Use plain old kill, or kill -2.

Another option is to add in the -U option to flush the output buffer after every packet.
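
An added example (not part of the original answer or the asker's script): the capture wrapped in a POSIX shell function that applies both suggestions, -U and a plain kill followed by wait. It assumes the script runs as root, as with the question's sudo ./cap.sh, so $! is tcpdump's own PID; capture_while and the CAPTURE_CMD override are hypothetical names.

```shell
#!/bin/sh
# Added example, not the asker's cap.sh. Assumes the script itself runs as
# root (sudo ./cap.sh), so tcpdump is started directly and $! is its PID
# rather than the PID of a sudo wrapper.
#
# Usage inside a script:  capture_while mypcap ./tcp_receiver
#
# CAPTURE_CMD (hypothetical override) is the capture command up to and
# including -w; set it to change the interface or to test without root.

# capture_while PCAP_FILE WORKLOAD [ARGS...]
# Returns the workload's exit status, or 2 if the capture never started.
capture_while() {
    pcap=$1; shift
    rm -f "$pcap"                      # a stale file must not look like a start

    # Unquoted on purpose: the command string is split into words.
    ${CAPTURE_CMD:-tcpdump -U -i eth0 -w} "$pcap" &
    cap_pid=$!

    # Wait (about 10 s at most) for the capture process to create its
    # output file instead of relying on a fixed sleep.
    tries=10
    while [ ! -e "$pcap" ]; do
        tries=$((tries - 1))
        if [ "$tries" -le 0 ]; then
            kill "$cap_pid" 2>/dev/null || true
            wait "$cap_pid" 2>/dev/null || true
            return 2
        fi
        sleep 1
    done

    rc=0
    "$@" || rc=$?                      # run the workload, keep its status

    # Plain kill sends SIGTERM, which the capture process can handle by
    # flushing and closing the file. kill -9 cannot be handled, so anything
    # still buffered would be lost.
    kill "$cap_pid" 2>/dev/null || true
    # wait reaps the child, so the file is complete when we return.
    wait "$cap_pid" 2>/dev/null || true
    return "$rc"
}
```

Because the function targets the PID it started, it also avoids the ps | grep lookup, which would match every tcpdump process on the host.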