On Fri, Jun 15, 2001 at 07:53:00AM -0600, Phil Wood wrote:
> Run tcpdump with the -n flag and -w to a file.

"-w" should, I think, render "-n" irrelevant - if "-w" is specified, the
main tcpdump loop runs entirely inside libpcap (which knows nothing of
"-n"), i.e. it runs inside "pcap_loop()" with the callback routine
being "pcap_dump()".

I.e., "-w" would be sufficient, if they just want to capture a lot of
traffic as it arrives, and look at it later.

(Running without "-w", even with "-n", might slow down capture, and
cause packet loss on a busy network, as the packet dissectors have to
analyze the packet contents, and print packet data - and if the standard
output isn't being written to a file, you end up either writing to a
terminal on a serial line or to some terminal-emulator program over a
pseudo-tty or to the rlogin/telnet/ssh/whatever daemon with the client
writing to the serial line or terminal emulator.)

Unfortunately, the person who asked didn't indicate whether they were
using "-w" or not; the answer to their questions would depend
significantly on whether they were.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
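The dump path described in the message above, as an added example that is not part of the original post and is not libpcap's or tcpdump's code: a toy capture loop hands each packet to a callback that only writes a savefile record, so there is no dissection step for "-n" to affect. The names `pkt_hdr`, `pkt_handler`, `dump_cb`, `capture_loop` and `savefile_size` are hypothetical stand-ins, and the two frames are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for libpcap's packet header and handler types. */
struct pkt_hdr { uint32_t ts_sec, ts_usec, caplen, len; };
typedef void (*pkt_handler)(void *user, const struct pkt_hdr *h,
                            const uint8_t *bytes);

/* 24-byte file header: magic, version 2.4, zone, sigfigs, snaplen, linktype. */
static void write_file_header(FILE *fp, uint32_t snaplen, uint32_t linktype)
{
    uint32_t magic = 0xa1b2c3d4, zero = 0;
    uint16_t ver[2] = { 2, 4 };
    fwrite(&magic, 4, 1, fp);
    fwrite(ver, 2, 2, fp);
    fwrite(&zero, 4, 1, fp);      /* thiszone */
    fwrite(&zero, 4, 1, fp);      /* sigfigs */
    fwrite(&snaplen, 4, 1, fp);
    fwrite(&linktype, 4, 1, fp);
}

/* The whole per-packet cost of the dump path: record header + raw bytes.
   No protocol decoding, so no address-to-name lookups for -n to turn off. */
static void dump_cb(void *user, const struct pkt_hdr *h, const uint8_t *bytes)
{
    fwrite(h, sizeof *h, 1, (FILE *)user);
    fwrite(bytes, 1, h->caplen, (FILE *)user);
}

/* Toy capture loop over two constructed 60-byte frames (contents arbitrary). */
static void capture_loop(uint32_t snaplen, pkt_handler cb, void *user)
{
    static const uint8_t frame[60] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    for (uint32_t i = 0; i < 2; i++) {
        struct pkt_hdr h = { 992613180u + i, 0, 60, 60 };  /* constructed */
        if (h.caplen > snaplen)
            h.caplen = snaplen;   /* truncate to the snapshot length */
        cb(user, &h, frame);
    }
}

/* Returns the savefile size in bytes, or -1 if no temp file is available. */
long savefile_size(uint32_t snaplen)
{
    FILE *fp = tmpfile();
    if (!fp)
        return -1;
    write_file_header(fp, snaplen, 1 /* Ethernet link type */);
    capture_loop(snaplen, dump_cb, fp);
    long n = ftell(fp);
    fclose(fp);
    return n;
}
```

Each record costs a fixed 16 bytes plus the captured length, so the snapshot length, not the printing options, is what determines how much work and disk a "-w" capture takes per packet.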