我正在尝试在Linux中捕获tcpdump,并使用-C和-W选项来启用捕获文件大小限制为250MB的tcpdump。
sudo tcpdump -i any -s0 -vvv -W 999 -C 250 -w FILENAME.pcap. -Z root
另一方面,我得到的输出是
FILENAME.pcap.001
FILENAME.pcap.002
FILENAME.pcap.003
但我想知道如何将输出文件名改为:
FILENAME001.pcap
FILENAME002.pcap
FILENAME003.pcap
感谢您提出任何建议!
答案 0 :(得分:1)
Tcpdump没有内置这样的功能。你可以在最后运行这样的东西来重命名你的文件:
for f in FILENAME.pcap.*; do
mv "$f" "$(echo $f | sed 's/FILENAME.pcap.\(.*\)/FILENAME\1.pcap/')";
done
答案 1 :(得分:1)
您可以使用-z功能,即:
-z postrotate命令 与-C或-G选项一起使用,这将使tcpdump运行“ postrotate-command file”,其中file是保存文件。 每次旋转后关闭。例如,指定-z gzip或-z bzip2将使用gzip或bzip2压缩每个保存文件。
Note that tcpdump will run the command in parallel to the capture, using the lowest priority so that this doesn't disturb the capture
process.
And in case you would like to use a command that itself takes flags or different arguments, you can always write a shell script that will
take the savefile name as the only argument, make the flags & arguments arrangements and execute the command that you want.