tcpdump mailing list archives

Re: ring buffer with tcpdump

From: "Ramon Kukla" <Ramon.Kukla () roland-rechtsschutz de>
Date: Tue, 23 Nov 2004 14:11:27 +0100


On 23 Nov 2004, Will Drewry <drewry () gmail com> wrote:

<ramon.kukla () roland-rechtsschutz de> wrote:

So maybe anyone with a nice idea or a hint how tcpdumd would create my
ring buffer?


I believe that that exact functionality is implemented by the -W flag:

  tcpdump -C 50 -W 10 -w filename -i eth1

Where you want to have a ring buffer of 10 files totral. I'm not sure
what version this appeared in, but it is in the 'current' tarballs.


Yes, it's currently just part of the 'current' one. At first I tried
tcpdump 3.8.3 and libpcap 0.8.3 with no success. But after moving to
the current-release (in fact the current...2004.11.23) there was a new
option called '-W filecount'. ;)

I hope this is what you're looking for.


Yes, thank you! :)

cheers,
Ramon


-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

ring buffer with tcpdump Ramon Kukla (Nov 22)
- Re: ring buffer with tcpdump Will Drewry (Nov 22)
  - Re: ring buffer with tcpdump Ramon Kukla (Nov 23)