Re: Timed Captures under UNIX

[Guy Harris <guy () alum mit edu>]

Matthew Topper wrote:
> I posted patches to the sourceforge projects of both tcpdump and libpcap
> which together enabled capturing packets for a given number of seconds.  I
> don't really see any activity on either sites, so I was hoping that
> someone here could tell me how I should proceed, and if I've done anything
> stupid in the way I implemented this.

As I said in my comments in the pcap bug:

Timed capture doesn't require libpcap changes - and that code won't work 
on all platforms in any case.  A call to the read method for a capture 
device can block indefinitely if no packets arrive (the timeout 
specified in pcap_open_live() is *not* guaranteed to be a timer that 
starts when you try to read packets; on Solaris, for example, the timer 
doesn't start until the first packet arrives, and, on some platforms, 
there isn't a timer.

Using alarm() in tcpdump would work on all UN*X platforms - without 
requiring a call to time() for each packet batch.  On Windows, the 
multimedia timer might be usable; note the code that's already there in 
top-of-tree tcpdump, where, if you're capturing to a file with the "-w" 
flag, the "-v" flag causes tcpdump to periodically report how many 
packets it's captured.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.