Thanks Guy

On Wed, Apr 2, 2014 at 2:01 PM, Guy Harris <[email protected]> wrote:
>
> On Apr 1, 2014, at 10:52 PM, Aaron Lewis <[email protected]> wrote:
>
>> From what I know, it seems like dumpcap listens for traffic and records
>> everything
>> And the wireshark GUI reads and parses that file. (Usually a file located in
>> /tmp)
>>
>> But,
>> 1) how did wireshark know there's a new packet?
>
> Dumpcap tells it. There's a pipe between dumpcap and Wireshark/TShark, and
> every time a batch of packets is written to the file by dumpcap, it also
> writes a message to the pipe saying that N more packets have been written to
> the file.
>
>> 2) what happens if /tmp is full?
>
> Dumpcap gets a "no space left on disk" error and reports it to
> Wireshark/TShark over the pipe. (The same thing happens with I/O errors,
> "you exceeded your disc quota" errors and so on.)
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
--
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33
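
The notification scheme described in the quoted reply, as a simplified model added here; it is not Wireshark or dumpcap code and not part of either message. The record layout, the pipe message layout, the function names and the simulated "no space left" failure are assumptions made for illustration, not dumpcap's actual pipe format.

```python
import errno, os, struct, tempfile, threading

REC = struct.Struct("<I")    # constructed record header: payload length
MSG = struct.Struct("<cI")   # constructed pipe message: kind byte + value

def capture(path, wfd, batches, fail_on=None):
    """Writer side (dumpcap's role): append a batch, then announce it."""
    with open(path, "ab") as f, os.fdopen(wfd, "wb") as pipe:
        for i, batch in enumerate(batches):
            try:
                if i == fail_on:  # simulated full /tmp
                    raise OSError(errno.ENOSPC, os.strerror(errno.ENOSPC))
                for pkt in batch:
                    f.write(REC.pack(len(pkt)) + pkt)
                f.flush()         # data must be in the file before the notice
            except OSError as e:
                pipe.write(MSG.pack(b"E", e.errno))   # report error, stop
                return
            pipe.write(MSG.pack(b"P", len(batch)))    # "N more packets"
            pipe.flush()

def follow(path, rfd):
    """Reader side (Wireshark/TShark's role): read only announced packets."""
    packets, error = [], None
    with open(path, "rb") as f, os.fdopen(rfd, "rb") as pipe:
        while (msg := pipe.read(MSG.size)):           # empty read = pipe closed
            kind, value = MSG.unpack(msg)
            if kind == b"E":
                error = value
                break
            for _ in range(value):
                (n,) = REC.unpack(f.read(REC.size))
                packets.append(f.read(n))
    return packets, error

def run(batches, fail_on=None):
    """Run writer and reader concurrently over a temp file and a pipe."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    r, w = os.pipe()
    t = threading.Thread(target=capture, args=(path, w, batches, fail_on))
    t.start()
    try:
        return follow(path, r)
    finally:
        t.join()
        os.unlink(path)
```

The reader never polls the file or guesses at its length: it consumes exactly the number of records the writer has announced, and a write failure reaches it as an error code on the same channel.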
