tcpdump mailing list archives
Re: buffering with -w in tcpdump
From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 30 Jan 2004 22:25:17 +1100 (EST)
In some email I received from Michael Richardson, sie wrote: -- Start of PGP signed section.
"Darren" == Darren Reed <darrenr () reed wattle id au> writes:Darren> Is there any way to reduce the amount of buffering tcpdump does Darren> for -w ? like get it to flush every second or packet or every Darren> 10k or...just not the way it defaults to :) Darren> Or should I go cut some code ? :) Send code :-) When you are capturing lots of traffic, flushing lots is not the best way to keep up. So, it needs to be an option. We need to redo option processing, as we are running out of options, I think.
The case I'm thinking about here is not "lots of traffic" but kinda like this - i have 'tcpdump -w file ...' running in one window or in the background and I go and do 'tcpdump -r file ...' and will quite probably get a partial read on the last record or even no data at all, even though the 'tcpdump -w' has read some packets. Darren - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- buffering with -w in tcpdump Darren Reed (Jan 27)
- Re: buffering with -w in tcpdump Guy Harris (Jan 28)
- <Possible follow-ups>
- Re: buffering with -w in tcpdump Darren Reed (Jan 30)