tcpdump on each interface individually
Original article here
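#!/bin/bash
#===================================================================================
#
# FILE: dump.sh
# USAGE: dump.sh [-i interface] [tcpdump-parameters]
# DESCRIPTION: tcpdump on any interface and add the prefix [Interface:xy] in front of the dump data.
# OPTIONS: same as tcpdump
# REQUIREMENTS: tcpdump, sed, ifconfig, kill, awk
# BUGS: ---
# FIXED: - In 1.0 The parameter -w would not work without -i parameter as multiple tcpdumps are started.
# - In 1.1 VLAN's would not be shown if a single interface was dumped.
# NOTES: ---
# - 1.2 git initial
# - Arguments are handed to tcpdump quoted ("$@"), so the shell no longer
#   re-splits or glob-expands filter expressions.
# - The interface name is escaped before it is placed into the sed expression.
# - -i is recognised as its own argument (-i NAME, -iNAME, --interface NAME,
#   --interface=NAME), not as a substring of the whole command line.
#   Clustered short flags such as "-nni NAME" are not recognised as an
#   interface selection.
# AUTHOR: Sebastian Haas
# COMPANY: pharma mall
# VERSION: 1.2
# CREATED: 16.09.2014
# REVISION: 22.09.2014
#
#===================================================================================

#######################################
# Stop every background pipeline started by this script.
# Outputs: an empty line once the jobs were signalled (cosmetic, after ^C).
#######################################
cleanup() {
  local pids
  pids=$(jobs -p)
  if [[ -n $pids ]]; then
    # Unquoted on purpose: jobs -p prints one PID per line, each must become
    # its own argument to kill.
    # shellcheck disable=SC2086
    kill $pids &> /dev/null && sleep 0.2 && echo
  fi
}

#######################################
# Escape a string for use in the replacement part of a sed s/// command.
# Without this, a name containing "/", "&" or "\" would end the replacement
# early or be interpreted by sed instead of being printed literally.
# Arguments: $1 - raw label
# Outputs:   escaped label on stdout
#######################################
sed_escape() {
  printf '%s' "$1" | sed 's/[\/&]/\\&/g'
}

# When this exits, exit all background processes:
trap cleanup EXIT

# Find an interface selection among the arguments. Each argument is inspected
# on its own so that a filter term that merely contains "-i" (for example a
# host name) is not mistaken for the option.
requested_interface=''
expect_name=0
for arg in "$@"; do
  if ((expect_name)); then
    requested_interface=$arg
    break
  fi
  case $arg in
    -i | --interface)
      expect_name=1
      ;;
    --interface=?*)
      requested_interface=${arg#--interface=}
      break
      ;;
    -i?*)
      requested_interface=${arg:2}
      break
      ;;
  esac
done

# Create one tcpdump output per interface and add an identifier to the beginning of each line:
if [[ -n $requested_interface ]]; then
  label=$(sed_escape "$requested_interface")
  tcpdump -l "$@" | sed "s/^/[Interface:${label}] /" &
else
  # Collect the names first, then start the captures. Current ifconfig
  # versions print "eth0: flags=...", older ones "eth0  Link encap:...";
  # the trailing colon is not part of the name and tcpdump -i rejects it.
  interfaces=()
  while IFS= read -r interface; do
    [[ -n $interface ]] && interfaces+=("$interface")
  done < <(ifconfig | awk '/^[a-z0-9]/ { sub(/:$/, "", $1); print $1 }')

  for interface in "${interfaces[@]}"; do
    label=$(sed_escape "$interface")
    tcpdump -l -i "$interface" -nn "$@" | sed "s/^/[Interface:${label}] /" &
  done
fi

# wait .. until CTRL+C
wait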