tcpdump mailing list archives
Re: What is the main reason in absent append
From: Guy Harris <guy () alum mit edu>
Date: Thu, 16 Feb 2006 12:42:52 -0800
On Feb 16, 2006, at 12:06 PM, Stephen Donnelly wrote:
The biggest problem I imagine is that the resulting file would have onlyone header block, so the configuration of the capture for the appended records would have to be the same as for the original file. I'm not sure how you could check for or enforce this?
Require read and write access for appending, open for reading and writing, read the header, make sure the link-layer type and snapshot length are the same (and fail if they're not), and then seek to the end and start writing.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- What is the main reason in absent append capabilities of tcpdump and libpcap? Mikhail Manuylov (Feb 16)
- Re: What is the main reason in absent append capabilities Guy Harris (Feb 16)
- Re: What is the main reason in absent append capabilities Ed Maste (Feb 16)
- Re: What is the main reason in absent append capabilities Mikhail Manuylov (Feb 17)
- Re: What is the main reason in absent append capabilities Ed Maste (Feb 16)
- Re: What is the main reason in absent append Stephen Donnelly (Feb 16)
- Re: What is the main reason in absent append Guy Harris (Feb 16)
- Re: What is the main reason in absent append Christian Kreibich (Feb 20)
- Message not available
- Re: What is the main reason in absent append Mikhail Manuylov (Feb 27)
- Re: What is the main reason in absent append Mikhail Manuylov (Feb 27)
- Re: What is the main reason in absent append Guy Harris (Feb 16)
- Re: What is the main reason in absent append capabilities Guy Harris (Feb 16)