I'm trying to run tcpdump on a Linux machine, which needs to write pcap on the remote server with file rotation every 10 seconds.
tcpdump -s0 -i eth0 -G 10 -w - | ssh {remote_ip} "cat > capture_%d-%m_%Y__%H_%M.pcap"
The file gets written on the remote server for the first cycle (10 seconds) and then I'm getting the following error:
tcpdump: listening on ens224, link-type EN10MB (Ethernet), capture size 262144 bytes
tcpdump: Can't write to standard output: Bad file descriptor
I'm using -G for time-based rotation; if I remove -G, then I'm able to write to the remote server continuously.
My remote server is configured with password-less login from this host.
You can pipe tcpdump to another tcpdump, so in your case:
tcpdump -i eth0 -w - not port 22 | \
ssh my.remote.host tcpdump -r - -w /tmp/capture_%d-%m_%Y__%H_%M_%S.pcap -G 2 -C 100
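The receiver-side rotation that the answer delegates to the remote tcpdump, written out as an added Python example (not part of the original answer) for a remote host where tcpdump is not installed. It assumes a classic pcap stream on stdin (not pcapng), names files in UTC from packet timestamps, and the function name `rotate_pcap_stream` is hypothetical.

```python
import os
import struct
import sys
import time

LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec, little-endian
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")  # usec / nsec, big-endian

def rotate_pcap_stream(stream, out_dir, interval=10,
                       pattern="capture_%d-%m_%Y__%H_%M_%S.pcap"):
    """Split one pcap stream into a file per `interval` seconds; return the paths."""
    ghdr = stream.read(24)
    if len(ghdr) < 24:
        raise ValueError("truncated pcap global header")
    if ghdr[:4] in LE_MAGIC:
        endian = "<"
    elif ghdr[:4] in BE_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap stream")
    snaplen = struct.unpack(endian + "I", ghdr[16:20])[0]
    written, out, bucket = [], None, None
    try:
        while True:
            rec = stream.read(16)
            if len(rec) < 16:            # EOF, or the sender went away mid-record
                break
            ts_sec, _, incl_len, _ = struct.unpack(endian + "IIII", rec)
            if incl_len > snaplen:       # length field is untrusted input
                raise ValueError("record longer than snaplen, stream is corrupt")
            data = stream.read(incl_len)
            if len(data) < incl_len:     # drop a half-received final packet
                break
            slot = ts_sec // interval
            if bucket is None or slot > bucket:  # late packets stay in the open file
                if out:
                    out.close()
                bucket = slot
                name = time.strftime(pattern, time.gmtime(slot * interval))
                out = open(os.path.join(out_dir, name), "wb")
                out.write(ghdr)          # every rotated file needs its own header
                written.append(out.name)
            out.write(rec + data)
    finally:
        if out:
            out.close()
    return written

if __name__ == "__main__":               # usage: <script> OUT_DIR INTERVAL_SECONDS
    rotate_pcap_stream(sys.stdin.buffer, sys.argv[1], int(sys.argv[2]))
```

The file name pattern must resolve to at least the rotation interval: with a 10-second interval and a pattern that stops at `%M`, as in the question, successive files within the same minute would overwrite each other.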