tcpdump mailing list archives

Re: How to cut capture by duration


From: "zze-DALMASSO Cedric RD-BIZZ-SOP" <cedric.dalmasso () rd francetelecom com>
Date: Thu, 20 Apr 2006 11:03:37 +0200

Hello,
Thanks for the answer, I tested it and it works.
But I have some remarks:
        - when we run tcpdump with the -G option for a long time (more than 10 hours, with the following command line: /tmp/tcpdump-2006.03.29 -G 3600 -i eth0 -s 0 -w /tmp/%y%m%d%H%M.eth0.dmp), the generated files are longer than the G granularity, as you can see in the list of generated files:

...
/tmp/0604111800.eth0.dmp
/tmp/0604111900.eth0.dmp
...
/tmp/0604112001.eth0.dmp
/tmp/0604112101.eth0.dmp
...          ^^
/tmp/0604121201.eth1.dmp
/tmp/0604121202.eth0.dmp
...          ^^
        Maybe a means to solve the issue is to take the packet's timestamp as the reference to cut?

        - it may be interesting to cut the generated files at the modulo of the granularity. For example, with a granularity of 60, I generate a file each minute, from the beginning of a minute (the modulo of the number of seconds since 1970) to the end. This can help to solve the previous issue.

Kind regards.

Cédric Dalmasso

PS: excuse my poor English :-(

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy Harris
Sent: Thursday, 5 January 2006 23:59
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] How to cut capture by duration


On Jan 5, 2006, at 12:30 AM, zze-DALMASSO Cedric RD-BIZZ-SOP wrote:

> I am looking for a means to make a capture over a long time. But it's
> impossible since the file's size grows.
> Do you know a means to cut it by duration, for example each hour a
> new file (it's simpler to use files with duration cut rather than
> size cut)?

Yes, but it only works with the "current tar files" version of  
tcpdump, not with any version that's been released - the "-G" flag  
can be used to switch capture files after some amount of time has  
expired.

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
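
The two rotation rules discussed in the message above, side by side, as an added example that is not code from tcpdump or from either poster. It assumes the drift comes from restarting the interval at the arrival time of the packet that triggers the rotation; the start time and the 20-second lateness are constructed values.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define T0 ((time_t)1144778400) /* constructed: 2006-04-11 18:00:00 UTC */

/* Start of the granularity-aligned interval containing packet time ts
 * (seconds since 1970): the "modulo of the granularity" proposal. */
time_t aligned_start(time_t ts, int gran) { return ts - (ts % gran); }

/* Aligned rotation keyed on the packet timestamp: returns 1 when the
 * packet falls in a new interval and moves *cur to that interval's start. */
int rotate_aligned(time_t *cur, time_t pkt_ts, int gran) {
    time_t s = aligned_start(pkt_ts, gran);
    if (s == *cur) return 0;
    *cur = s;
    return 1;
}

/* Elapsed-time rotation (assumed model of the drift): rotate once gran
 * seconds have passed since the file was opened, and restart the interval
 * at the arrival time of the packet that triggered the rotation. */
int rotate_elapsed(time_t *cur, time_t pkt_ts, int gran) {
    if (pkt_ts - *cur < gran) return 0;
    *cur = pkt_ts;
    return 1;
}

/* File name in the style of the -w template from the post, in UTC. */
void dump_name(time_t start, char *buf, size_t len) {
    strftime(buf, len, "/tmp/%y%m%d%H%M.eth0.dmp", gmtime(&start));
}

/* Start time of the current file after n elapsed-time rotations, each
 * triggered by a packet arriving `late` seconds after the interval ended. */
time_t drifted_start(int n, int gran, int late) {
    time_t cur = T0;
    for (int i = 0; i < n; i++)
        rotate_elapsed(&cur, cur + gran + late, gran);
    return cur;
}

int main(void) {
    char drifted[64], aligned[64];
    time_t d = drifted_start(3, 3600, 20);
    dump_name(d, drifted, sizeof drifted);
    dump_name(aligned_start(d, 3600), aligned, sizeof aligned);
    printf("elapsed: %s\naligned: %s\n", drifted, aligned);
    return 0;
}
```

With the aligned rule, a late packet only delays when the new file is opened; the file's start and name stay on the interval boundary, so lateness does not accumulate.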
