tcpdump mailing list archives

Re: buffering with -w in tcpdump

From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 30 Jan 2004 22:25:17 +1100 (EST)

In some email I received from Michael Richardson, sie wrote:
-- Start of PGP signed section.

"Darren" == Darren Reed <darrenr () reed wattle id au> writes:

    Darren> Is there any way to reduce the amount of buffering tcpdump does
    Darren> for -w ?  like get it to flush every second or packet or every
    Darren> 10k or...just not the way it defaults to :)

    Darren> Or should I go cut some code ? :)

  Send code :-)

  When you are capturing lots of traffic, flushing lots is not the best way
to keep up. So, it needs to be an option.
  We need to redo option processing, as we are running out of options,
I think.


The case I'm thinking about here is not "lots of traffic" but kinda
like this - i have 'tcpdump -w file ...' running in one window or
in the background and I go and do 'tcpdump -r file ...' and will
quite probably get a partial read on the last record or even no
data at all, even though the 'tcpdump -w' has read some packets.

Darren

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

buffering with -w in tcpdump Darren Reed (Jan 27)
- Re: buffering with -w in tcpdump Guy Harris (Jan 28)
- <Possible follow-ups>
- Re: buffering with -w in tcpdump Darren Reed (Jan 30)