I would like to have outputs of tcpdump in standard structure. Like below:
05:49:56.604899 00:00:00:00:00:02 > 00:00:00:00:00:03, ethertype IPv4 (0x0800), length 10202: 10.0.0.2.54880 > 10.0.0.3.5001: Flags [.], seq 3641977583:3641987719, ack 129899328, win 58, options [nop,nop,TS val 432623 ecr 432619], length 10136
05:49:56.604908 00:00:00:00:00:03 > 00:00:00:00:00:02, ethertype IPv4 (0x0800), length 66: 10.0.0.3.5001 > 10.0.0.2.54880: Flags [.], ack 10136, win 153, options [nop,nop,TS val 432623 ecr 432623], length 0
05:49:56.604900 00:00:00:00:00:02 > 00:00:00:00:00:03, ethertype IPv4 (0x0800), length 4410: 10.0.0.2.54880 > 10.0.0.3.5001: Flags [P.], seq 10136:14480, ack 1, win 58, options [nop,nop,TS val 432623 ecr 432619], length 4344
However it is important for me that all these structured information saved in 10 files with size of 10 MB. I know that I have to use this command:
tcpdump -i h1-eth0 -w /tmp/trace.txt -W 10 -C 10 -K -n
However the problem is that, the out put is not in standard way. Can you please help me to find a single command that gives me the standard out put of the tcpdump in 10 files with size of 10 MB?
I could use a trick to do that. I made a simple bash script to make the pcap files into txt files. After running my tcpdump, I executed the script and it works fine for one cycle that I need. If you need to do it for all the cycles, you can exchange the for loop with a while loop.
#!/bin/bash
dir="tmp"
#tcpdump -i h1-eth0 -w /tmp/trace -W 10 -C 10 -K -n
for f in `ls /tmp`; do
echo $f;
echo /tmp/$f;
echo /media/sf_sharedsaeed/Test/$f.txt;
sudo tcpdump -r /tmp/$f >> /media/sf_sharedsaeed/Test/$f.txt
rm /tmp/$f
done