On my Red Hat Enterprise Linux Server release 6.5, when saving a tcpdump capture to a file with the -w option, the resulting file is empty:
[root@plop ~]# tcpdump -n -w tcpdump.cap
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C217 packets captured
217 packets received by filter
0 packets dropped by kernel
[root@plop ~]# cat tcpdump.cap
[root@plop ~]# ll tcpdump.cap
-rw-r-----. 1 root root 0 Aug 25 14:13 tcpdump.cap
[root@plop ~]#
I also tried to redirect the output of the command with > and &>, but I always get an empty file...
What could be the reason for this?
NB:
- I can see a correct output in the terminal (many packets) when not redirecting to a file
- I did the same with tshark and it worked as expected (the output file was correct)
- The version of tcpdump is tcpdump version 4.1-PRE-CVS_2012_02_01
- The version of libpcap is libpcap version 1.4.0
- I tried with the -U option, it didn't fix the problem.
Asked by sdabet (1061 rep)
Aug 25, 2015, 09:56 AM
Last activity: Oct 5, 2023, 12:45 AM