tcpdump mailing list archives

Re: How to daemonize tcpdump


From: Guy Harris <guy () alum mit edu>
Date: Fri, 23 May 2008 18:52:06 -0700


On May 23, 2008, at 12:44 PM, Chris Pawelko wrote:

> Has anybody heard of or had run tcpdump as a daemon?
> If so are there any instructions?

"Run[ning] tcpdump as a daemon" is too general of an operation to have a single simple set of instructions; do you want to have:

a daemon that starts up at boot time and captures from a particular interface, with a particular filter, writing binary data to a particular file;

a daemon that you can connect to and ask it to start a capture on a specified interface, with a specified filter, writing to a specified file;

etc.?

The first of those would probably be easy to do on various UN*Xes, by having the daemon "program" be a script that runs tcpdump with the appropriate -i, -s, and -w flags and filter argument.

The second of those would be more work, as you'd need a daemon to handle the "accept a connection, parse whatever request you send it, and run tcpdump" - unless you decide, for example, that the daemon's name should be "sshd". :-)
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
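
Added example, not part of the original message: a sketch of the first option above, a boot-time script that runs tcpdump with fixed -i, -s and -w flags and a filter argument. The interface name, snapshot length, file paths and filter are assumed placeholder values, and the validation helpers are hypothetical names introduced here.

```sh
#!/bin/sh
# Added example: start/stop wrapper for an unattended tcpdump capture.
# All defaults below are assumed placeholders; override via the environment.
IFACE="${IFACE:-eth0}"
SNAPLEN="${SNAPLEN:-96}"
OUTFILE="${OUTFILE:-/var/log/capture/trace.pcap}"
FILTER="${FILTER:-tcp port 80}"
PIDFILE="${PIDFILE:-/var/run/tcpdump-capture.pid}"

# Reject values that tcpdump could read as extra options, or that are not
# a plain interface name, a decimal number, or an absolute path.
valid_iface()   { case "$1" in ''|-*|*[!A-Za-z0-9._:-]*) return 1;; esac; }
valid_snaplen() { case "$1" in ''|*[!0-9]*) return 1;; esac; }
valid_outfile() { case "$1" in *..*) return 1;; /*) return 0;; *) return 1;; esac; }
valid_filter()  { case "$1" in -*) return 1;; esac; }

# Print the tcpdump argument vector, one argument per line, or fail.
capture_args() {
    valid_iface "$1"   || { echo "bad interface: $1" >&2; return 1; }
    valid_snaplen "$2" || { echo "bad snaplen: $2" >&2; return 1; }
    valid_outfile "$3" || { echo "bad output path: $3" >&2; return 1; }
    valid_filter "$4"  || { echo "bad filter: $4" >&2; return 1; }
    printf '%s\n' -i "$1" -s "$2" -w "$3" "$4"
}

start_capture() {
    capture_args "$IFACE" "$SNAPLEN" "$OUTFILE" "$FILTER" >/dev/null || return 1
    umask 077   # capture files contain traffic; keep them owner-only
    # Background the capture so it outlives the boot script; keep the PID for stop.
    nohup tcpdump -i "$IFACE" -s "$SNAPLEN" -w "$OUTFILE" "$FILTER" >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

stop_capture() {
    [ -f "$PIDFILE" ] || return 0
    kill "$(cat "$PIDFILE")" 2>/dev/null || true
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start) start_capture ;;
    stop)  stop_capture ;;
esac
```

Invoke it as `script start` or `script stop` from whatever boot mechanism the system uses; with no argument it only defines the functions.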

