On Mar 10, 2012, at 12:01 PM, jedge wrote:
> I suppose if you don't HAVE_PCAP_DUMP_FLUSH
If the libpcap with which tcpdump is built is a version released at the same
time, or after, the time that version of tcpdump is released, it'll have
pcap_dump_flush(). A version of tcpdump with -U su
n of
the
file format.
From: Guy Harris
To: tcpdump-workers@lists.tcpdump.org
Sent: Saturday, March 10, 2012 2:26 PM
Subject: Re: [tcpdump-workers] pipeline buffering
On Mar 10, 2012, at 6:18 AM, jedge wrote:
> When using the (-w) option in conjunction w
On Mar 10, 2012, at 6:18 AM, jedge wrote:
> When using the (-w) option in conjunction with the (-l) option,
Use it with the -U option instead:
$ man tcpdump
...
-U Make output saved via the -w option ``packet-buffered''; i.e.,
as each packet is saved, it wil
When using the (-w) option in conjunction with the (-l) option, sending the
binary network packets to stdout still buffers.
I am using tcpdump and all its glorious features as a front end filter to a
similar process that handles the presentation layer.
I modified tcpdump.c near lines 822 (-i) an
