I don't have an answer to your original question other than to say I just
duplicated it on a FreeBSD host but not on OS X. Smells like a bug to me.
I've done something similar in the past using -G and writing to something like
/packets/%Y/%m/%d/%H%M%S.pcap (assuming those directories exist). Thi

Looks like the call to pcap_dump_ftell() is always returning -1 and setting
errno to 93 (ENOTCAPABLE). This makes sense since I can only trigger it on
FreeBSD, and if I disable capsicum support in config.h and rebuild then -C
works as expected.
I'll take a look at this and send a PR, but you ma

I've got a patch for this at
https://github.com/wxsBSD/tcpdump/commit/84998745a29a0ffb3a680c29692c15426a1ce960.
Seems to work well but I would appreciate any testing anyone can do. I'm also
going to make sure this is right from the capsicum perspective as I have no
experience with that. Once I

On Feb 18, 2015, at 10:18 AM, Wesley Shields wrote:
> I've got a patch for this at
> https://github.com/wxsBSD/tcpdump/commit/84998745a29a0ffb3a680c29692c15426a1ce960.
I've checked into the trunk a change to check for pcap_dump_ftell() failing
(which it should *always* have done; had it done

Thanks! I've submitted a pull request (please ignore my first one, it was made
on the master branch of my fork).
https://github.com/the-tcpdump-group/tcpdump/pull/433
I'm still not clear how -G, -C and -W are meant to work together though. The
manpage is a bit unclear to me. Any pointers on how

Wow this was quick!
Thanks so much Wesley and Guy.
Shane
On 19 February 2015 at 09:11, Wesley Shields wrote:
> Thanks! I've submitted a pull request (please ignore my first one, it was
> made on the master branch of my fork).
>
> https://github.com/the-tcpdump-group/tcpdump/pull/433
>
> I'm
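
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the tcpdump patch: a size-based rotation check that ignores a -1 return never rotates, while a checked version surfaces the error. The function names are hypothetical, and ftell() on a pipe stands in for pcap_dump_ftell() failing with ENOTCAPABLE.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names; ftell() stands in for pcap_dump_ftell(). */
enum rotate_decision { ROTATE_ERROR = -1, ROTATE_NO = 0, ROTATE_YES = 1 };

/* Unchecked form: a -1 from ftell() compares as "below the limit",
 * so the savefile is never rotated and no error is reported. */
int naive_rotate(FILE *fp, long limit)
{
    return ftell(fp) > limit;
}

/* Checked form: a failed ftell() is reported with its errno instead of
 * being silently treated as a small file. */
enum rotate_decision check_rotate(FILE *fp, long limit, int *saved_errno)
{
    long size;

    errno = 0;
    size = ftell(fp);
    if (size == -1) {
        *saved_errno = errno;
        return ROTATE_ERROR;
    }
    *saved_errno = 0;
    return size > limit ? ROTATE_YES : ROTATE_NO;
}

/* Constructed demo: a regular file works; a pipe makes ftell() fail
 * (ESPIPE here, where the thread saw ENOTCAPABLE under Capsicum). */
int main(void)
{
    int fds[2], err = 0, naive, checked;
    FILE *file = tmpfile();
    FILE *pipe_out;

    if (file == NULL || pipe(fds) != 0 || (pipe_out = fdopen(fds[1], "w")) == NULL)
        return 1;
    fputs("0123456789", file);
    printf("file: checked=%d\n", check_rotate(file, 5, &err));
    naive = naive_rotate(pipe_out, 5);
    checked = check_rotate(pipe_out, 5, &err);
    printf("pipe: naive=%d checked=%d errno=%d\n", naive, checked, err);
    return 0;
}
```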