Would it work for you to start the tcpdump
command in the background and terminate it after a fixed amount of time? E.g. run
(tcpdump (options) | fgrep (options) > file) &
then get the pid of the process and wait some time,
pid=$!
sleep 60
and finally kill the command and parse the output
kill -9 $pid
sed (options) file | awk (options)
rm file
Update
If you really want Ctrl-P
to stop tcpdump
, trap
is the way to go. However, after the trapped command is executed, you will always end up at the shell! So the behavior you described is actually what trap
is supposed to do.
Thus you could write your trap
command as
trap "{ sed (options) file | awk (options); rm file; }" SIGINT SIGTERM
and it should perform all the post-processing on interrupt. If you have more than these simple commands, it might make more sense to put all post-processing commands in a new script or function, e.g.
exec_on_interrupt() {
sed (options) file | awk (options)
rm file
# other stuff...
}
trap "exec_on_interrupt" SIGINT SIGTERM