cron job:
# Start a capture at minute 0 of every hour from 08:00 through 20:00, every day
# (the last run starts at 20:00). The sixth field names the account the job
# runs as (system crontab format, e.g. /etc/crontab or /etc/cron.d): here root.
00 8-20 * * * root /var/scripts/tcpdumper.sh
tcpdumper.sh script:
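#!/bin/bash
# Capture traffic on enp2s0 for at most one hour into a timestamped pcap file
# in /home/user/, then delete dumps older than five days.
# Intended to be started hourly from cron as root.

DUMP_DIR="/home/user/"

# NOTE(review): in pcap-filter syntax "and" and "or" have equal precedence and
# associate left to right, so this expression is evaluated as
#   ((udp and net 10.72.1.0/24) or net 10.72.2.0/24) or host 1.2.3.4
# which records ALL traffic of 10.72.2.0/24 and 1.2.3.4, not only UDP.
# If UDP-only capture was intended, group the alternatives:
#   'udp and (net 10.72.1.0/24 or net 10.72.2.0/24 or host 1.2.3.4)'
# Left unchanged here because the intent is not stated.
FILTER="udp and net 10.72.1.0/24 or net 10.72.2.0/24 or host 1.2.3.4"

# Keep the command in an array so every argument survives expansion intact
# (an unquoted string variable is re-split and glob-expanded by the shell).
# timeout ends the capture after one hour, before the next cron run starts.
TCPDUMP=(/usr/bin/timeout 1h /usr/sbin/tcpdump -v -As0 -pnni enp2s0)

DATE=$(date +%F_%T)

# Stop if the dump directory is unavailable; otherwise the capture would be
# written into whatever directory cron started the job in.
# NOTE(review): this job runs as root but writes predictable file names into
# what looks like a user's home directory. If an unprivileged account can
# write there, prefer a root-owned directory with a restrictive mode; -s0
# stores full packet payloads, so the dumps should not be world-readable.
cd "$DUMP_DIR" || exit 1

"${TCPDUMP[@]}" -w "$DATE.pcap" "$FILTER"

# Remove dumps older than 5 days. -maxdepth 1 and the '*.pcap' pattern keep
# the cleanup to the files this script creates, instead of deleting every
# file whose name ends in "pcap" anywhere below the home directory.
find "$DUMP_DIR" -maxdepth 1 -type f -name '*.pcap' -mtime +5 -execdir rm -f '{}' \;

# The exit status is that of the cleanup step; timeout's status is not used
# because it is non-zero whenever the one-hour limit ends the capture.
exit $?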