Wireshark mailing list archives

Re: Writing DUMPCAP ring buffer file directly to destination

From: John Powell <jrp999 () gmail com>
Date: Thu, 13 Dec 2012 15:09:26 -0600

Hi Guy,

I had seen an eth file in the /tmp directory earlier that had been
increasing in size - I do not see it now so it must have been a user doing
a manual capture.

Thanks for  getting back to me and correcting the error in my
understanding....

My guess is that the issue is strictly with writing the file down to the
disk so I will work on hardware to enhance that.

Hope you have a great day!!

-John

On Thu, Dec 13, 2012 at 2:50 PM, Guy Harris <guy () alum mit edu> wrote:


On Dec 13, 2012, at 8:51 AM, John Powell <jrp999 () gmail com> wrote:

I am currently running DUMPCAP as a service to capture packets in a high

packet throughput environment.


The command used is:

/usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port

1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b
duration:900 -w /data/eth1.cap


I am experiencing disk IO issues.

I suspect that part of my disk IO issue is due to copying the rotated

file from \tmp to \data

Have you seen it copying the file from /tmp to /data?

Or are you just *assuming* it's writing the files to /tmp and copying them
rather than just writing directory to files in /data?  It would be unwise
to assume that, given that, in fact, it *doesn't* do that (and *didn't* do
that in a test I just did); if you're seeing it copy the file, that's a bug.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Writing DUMPCAP ring buffer file directly to destination John Powell (Dec 13)
- Re: Writing DUMPCAP ring buffer file directly to destination Guy Harris (Dec 13)
  - Re: Writing DUMPCAP ring buffer file directly to destination John Powell (Dec 13)