Re: 2.0 GB Max file size on linux packet captures

[Phil Wood <cpw () lanl gov>]

Build your own libpcap by hardcodeing this into your Makefile:

  DEFS = -DHAVE_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
-D_GNU_SOURCE

and do a 'make clean all'.

and, if you are building an application which reads and writes files
which could get larger than 2G, that does not use libpcap than just make
sure you incorporate the BITS and SOURCE defines in your make file.

Later,

PS: if you are really into rolling your own, try the pcap distribution
    at http://public.lanl.gov/cpw (Number 2).  It builds with large files
    in mind and captures more packets than the other "distros".

On Wed, Sep 24, 2003 at 04:42:18PM -0600, Scott Williams (Network) wrote:
> When I do tcpdump or snort packet captures to disk, I keep hitting a max
> file size of 2GB. I've tried different versions of RedHat. From web
> searches, it seems like I need to enable Large File Support (LFS), but
> this doesn't seem well documented or supported. 
>  
> Does anyone have experience doing this or is there a linux distro that
> defaults to LFS?

-- 
Phil Wood (cpw_at_lanl.gov)


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users