tcpdump on docker container gives error "invalid number of output files"

Question

I'm trying to run a tcpdump command in docker container but I always get this error: "tcpdump: invalid number of output files ="

I'm running docker in Ubuntu.

This is my container run:

sudo docker run --name pcap_log -it --network=host -e "log_int=any" -e "log_rot=30" -e "log_fil=120" --mount source=/home/docker/container_data/pcap_data, target=/pcap_captures, type=bind pcap_log:12345

This is my image:

FROM debian:10.3
RUN apt-get update \
    && apt-get install -y \
    tcpdump
RUN mv /usr/sbin/tcpdump /usr/bin/tcpdump
RUN mkdir /pcap_captures
WORKDIR /pcap_captures

ARG log_int
ARG log_rot
ARG log_fil

ENV log_int = $log_int
ENV log_rot = $log_rot
ENV log_fil = $log_fil

CMD tcpdump -i $log_int -G $log_rot -w '%Y-%m-%d_%H:%M:%S.pcap' -W $log_fil -U

Answer 1

"tcpdump: invalid number of output files ="

As you can see, there is an = sign left somewhere that is not interpreted correctly.

The problem is in your ENV declaration with an extra space before and after the = sign. For example

ENV log_int = $log_int

is instructing docker that the environment var log_int should be set to the value = $log_ing. Either you completely drop the equal sign

ENV log_int $log_int

or you remove the spaces arround it

ENV log_int=$log_int

Both are totally equivalent.

I actually suggest your keep the second form, declare all your envs in a single action and secure your vars with quotes:

ENV log_int="$log_int" log_rot="$log_rot" log_fil="$log_fil"