Re: ring buffer with tcpdump

[Will Drewry <drewry () gmail com>]

On Mon, 22 Nov 2004 13:10:09 +0100, Ramon Kukla
<ramon.kukla () roland-rechtsschutz de> wrote:
> Hi everybody,
>
> I searched the web and checked a couple of times the tcpdump manuals to
> be sure that I didn't overlooked something. But I have to admit that I
> didn't find any solution for my problem.
> I would like to run tcpdump saving the dumps into a number of files
> with the size 'n'.
> Currently I'm running tcpdump with 'tcpdump -C 50 -w filename -i eth1'.
> But I would like to have an option saying 'If you finished writing
> file 50 please start to overwrite file number 0' (ring buffer ).
> And yes... I could use ethereal. But in fact this time I just have the
> ability to use tcpdump due to the lack of a missing X ;)
>
> So maybe anyone with a nice idea or a hint how tcpdumd would create my
> ring buffer?
>
> Thanks for your help
> Ramon


Hi,

I believe that that exact functionality is implemented by the -W flag:

   tcpdump -C 50 -W 10 -w filename -i eth1

Where you want to have a ring buffer of 10 files totral. I'm not sure
what version this appeared in, but it is in the 'current' tarballs.

I hope this is what you're looking for.

cheers,
will
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.