Home/ Questions/Q 7181341
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T17:32:12+00:00

I’m trying to run tcpdump in the background while I send some traffic over

  • 0

I’m trying to run tcpdump in the background while I send some traffic over eth0 and then pkill the tcpdump process after the traffic has been sent.

When I run tcpdump alone in the background it runs without error: 

bash~~$ sudo /usr/sbin/tcpdump -i eth0 -s0 -w /tmp/eth0.pcap &
[1] 19282
bash~~$ tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

bash~~$

Then I can pkill the tcpdump afterwards:

bash~~$ ps -ef | grep tcpdump; sleep 1; sudo pkill tcpdump; ps -ef | grep tcpdump
fred 20437 15842  0 11:55 pts/2    00:00:00 grep tcpdump
fred 20467 15842  0 11:55 pts/2    00:00:00 grep tcpdump
bash~~$

Now when I put the above all together I can’t seem to get past the initial tcpdump call:

bash~~$ sudo /usr/sbin/tcpdump -i eth0 -s0 -w /tmp/eth0.pcap & ; ps -ef | grep tcpdump; sleep 1; sudo pkill tcpdump; ps -ef | grep     tcpdump;
-bash: syntax error near unexpected token `;'
bash~~$

Any ideas on what I’m missing? Does tcpdump behave different to other functions?

A

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Ampersand & is a pipeline terminator together with ;, && and ||. You should not specify two different pipeline terminators together, but rather chose one depending on your needs. Here, you probably want

    sudo /usr/sbin/tcpdump -i eth0 -s0 -w /tmp/eth0.pcap & ps -ef | grep tcpdump; sleep 1; sudo pkill tcpdump; ps -ef | grep tcpdump;

    Relevant excerpts from the bash manpage:

    A pipeline is a sequence of one or more commands separated by one of
    the control operators | or |&.

    A list is a sequence of one or
    more pipelines separated by one of the operators ;, &, &&, or ││, and
    optionally terminated by one of ;, &, or <newline>.

    • 0