TCPDUMP - How to view an existing tcpdump from a new ssh session?

If you are running tcpdump from CLI, the following commands should help. I expect that tcpdump from the UI would also show up in either the UI or using "ps". When running tcpdump in the background, you should always limit filesystem space that the capture files will consume by using the -C (limit capture file-size) and -W (limit the number of files created to the specified number, and begin overwriting files from the beginning) flags. I also suppressed all of my standard and error output to a log file (/shared/tmp/tcpdump-errors.log).

• Start tcpdump in background and send stdout and stderr messages to log file:

[user@bigip01:Active:In Sync] shared tcpdump -ni 0.0 -w /shared/tmp/temporary.pcap -C100 -W10 &> /shared/tmp/tcpdump-errors.log &

[1] 4222

• See if tcpdump is running:

[user@bigip01:Active:In Sync] shared ps -e | grep tcpdump

4222 pts/1 S 0:01 tcpdump -ni 0.0 -w /shared/tmp/temporary.pcap -C100 -W10

4265 pts/1 S+ 0:00 grep tcpdump

• Stop tcpdump process:

[[user@bigip01:Active:In Sync] shared kill 4222

[1]+ Done tcpdump -ni 0.0 -w /shared/tmp/temporary.pcap -C100 -W10 >&/shared/tmp/tcpdump-errors.log

• See if tcpdump is running:

[[user@bigip01:Active:In Sync] shared ps -e | grep tcpdump

4301 pts/1 S+ 0:00 grep tcpdump

• Check messages/error log file:

[[user@bigip01:Active:In Sync] shared tail /shared/tmp/tcpdump-errors.log

tcpdump: listening on 0.0, link-type EN10MB (Ethernet), capture size 96 bytes

20480 packets captured 20480 packets received by filter 0 packets dropped by kernel