====== Timed tcpdump ======

Sometimes something is going on in the wee hours of the morning involving network traffic. I don't like to get up in the wee hours any more. It would be handy to be able to do a tcpdump session at a particular time for a particular duration.

UNIX is so accommodating. We can combine **at** with **timeout** and get just what we need.

<code>
echo "/usr/bin/timeout -k 15s -s SIGINT 2h /usr/sbin/tcpdump -n -i bond0 -s 0 -w /tmp/debug.pcap port 8080" | at 2:00
</code>

**at** can run a specific file at a specific time, and it can also execute something from **stdin**. So, at 02:00 today (or tomorrow if it's already past 02:00), we will run **timeout** with our **tcpdump** command. **timeout** will send SIGINT to **tcpdump** after two hours have elapsed. If it is still running after another 15 seconds, it will be killed. **tcpdump** is being told to do what **tcpdump** does.

Later on we will find a nice pcap file waiting for us covering the period in question. **at** will mail us the output that you typically see when you ctrl-C out of it.
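The same at + timeout + tcpdump job, as an added example that is not part of the original page: it validates its inputs before they become shell text for **at**, writes each capture to its own owner-only file, and refuses a zero duration. The names CAPTURE_DIR, build_capture_job and schedule_capture and the directory /var/tmp/captures are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original page. Hypothetical names:
# CAPTURE_DIR, build_capture_job, schedule_capture.

# Assumption: a directory writable only by the account that runs the job.
CAPTURE_DIR=${CAPTURE_DIR:-/var/tmp/captures}

# Print the job text for at(1).
# usage: build_capture_job IFACE DURATION FILTER...
build_capture_job() {
    [ $# -ge 3 ] || { echo "usage: build_capture_job IFACE DURATION FILTER..." >&2; return 1; }
    iface=$1 duration=$2
    shift 2
    filter=$*

    # Whole number with optional s/m/h/d suffix. GNU timeout treats a
    # duration of 0 as "no timeout", which would let tcpdump run until
    # the disk fills, so zero is rejected.
    num=${duration%[smhd]}
    case $num in ''|*[!0-9]*) echo "bad duration: $duration" >&2; return 1 ;; esac
    case $num in *[1-9]*) ;; *) echo "duration must be non-zero" >&2; return 1 ;; esac

    # at(1) hands the job text to /bin/sh, so nothing unquoted may carry
    # shell metacharacters.
    case $iface in ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    case $filter in ''|*\'*) echo "bad filter: $filter" >&2; return 1 ;; esac

    # \$(date ...) stays literal here and expands when the job runs, so
    # each capture gets its own file name. umask 077 keeps the pcap
    # readable by the owner only.
    cat <<EOF
umask 077
/usr/bin/timeout -k 15s -s SIGINT $duration /usr/sbin/tcpdump -n -i $iface -s 0 -w $CAPTURE_DIR/$iface-\$(date +%Y%m%d-%H%M%S).pcap '$filter'
EOF
}

# Queue the job. usage: schedule_capture WHEN IFACE DURATION FILTER...
schedule_capture() {
    when=$1
    shift
    job=$(build_capture_job "$@") || return 1
    printf '%s\n' "$job" | at "$when"
}

# Example: schedule_capture 2:00 bond0 2h port 8080
```

Running build_capture_job on its own prints the job text for review before anything is queued.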