A standard behavior of tcpdump that caused me a bit of grief recently is that when writing to a capture file with -w, output is buffered by default. When tcpdump'ing to stdout and piping or redirecting to a file, it's common to use the -l flag to make output line-buffered. It doesn't appear that there's any way to get -w to line (or packet) buffer. Probably this would need support from libpcap's pcap_dump, and some way to pass the flag through pcap_loop? Or an alternate, say pcap_dump_flush. Messy; not worth maintaining local patches to add that (unless this would be helpful to others as well?)
The quick workaround I came up with was to use -l and -w -, and redirect stdout. This unfortunately means -c won't work, but I can live without that for now. But, is there a better way to accomplish what I'm after? Maybe I'm just missing something.

Thanks,

Hank Leininger <[EMAIL PROTECTED]>

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
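The buffering effect described in the message above, as an added example that is not part of the original post: it writes a small pcap file through a 64 KiB user-space buffer (Python's file buffer standing in for the stdio buffer behind `-w`) and counts how many whole packets a second reader can see on disk before the writer closes. The function names, packet contents and buffer size are assumptions made for the illustration.

```python
import os
import struct
import tempfile

# pcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, LINKTYPE_ETHERNET
PCAP_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def record(payload, ts_sec=0):
    """Build one pcap packet record: 16-byte record header plus payload."""
    return struct.pack("<IIII", ts_sec, 0, len(payload), len(payload)) + payload

def complete_records(data):
    """Count whole packet records in a possibly truncated pcap byte string."""
    if len(data) < len(PCAP_HEADER):
        return 0                      # not even the global header has landed
    off, count = len(PCAP_HEADER), 0
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        if off + 16 + incl_len > len(data):
            break                     # trailing record is only partly on disk
        off += 16 + incl_len
        count += 1
    return count

def visible_while_capturing(flush_each_packet, packets=5):
    """Write constructed packets; return how many a second reader sees
    on disk while the writer still has the file open."""
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        with open(path, "wb", buffering=65536) as out:
            out.write(PCAP_HEADER)
            for i in range(packets):
                out.write(record(b"\x00" * 60, ts_sec=i))  # constructed 60-byte frame
                if flush_each_packet:
                    out.flush()       # the per-packet flush the post asks for
            with open(path, "rb") as reader:
                return complete_records(reader.read())
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print("buffered write, packets visible:", visible_while_capturing(False))
    print("flush per packet, packets visible:", visible_while_capturing(True))
```

Later tcpdump releases document a `-U` option that makes `-w` output packet-buffered, and it relies on `pcap_dump_flush()` in libpcap.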