tcpdump mailing list archives
Re: using a database to store packets
From: Guy Harris <guy () alum mit edu>
Date: Fri, 26 Nov 2004 15:46:35 -0800
Ed Maste wrote:
Your program wouldn't be processing old captured data. You have tcpdump output libpcap format data to stdout, in realtime.
Note that there's currently no option in tcpdump to cause the standard output to be flushed at the end of a packet (or a batch of packets) when capturing with "-w -", so the last packet in a batch might not be delivered as soon as it arrives.
"-l" could perhaps be hijacked for that purpose, although it's a bit counter-intuitive to have "l"ine-buffering refer to something when the output isn't lines of text.
Tethereal always flushes the standard output after processing a batch of packets if it's writing to a pipe in "-w" mode. If the typical case of piping from tcpdump/Tethereal is piping to a process that wants packets as soon as they arrive, rather than to a process that's manipulating the sequence of packets and writing it to a file that's not going to be looked at until the capture is done, that might be the right thing to do.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- using a database to store packets MAURICIOMANENTS (Nov 27)
- Re: using a database to store packets Guy Harris (Nov 27)
- <Possible follow-ups>
- Re: using a database to store packets MAURICIOMANENTS (Nov 27)
- Re: using a database to store packets Ed Maste (Nov 27)
- Re: using a database to store packets Guy Harris (Nov 27)
- Re: using a database to store packets Daniel Lawson (Nov 28)
- Re: using a database to store packets Ed Maste (Nov 27)
- Re: using a database to store packets MAURICIOMANENTS (Nov 29)
- Re: using a database to store packets Aaron Turner (Nov 29)
- Re: using a database to store packets Daniel Lawson (Nov 29)
- Re: using a database to store packets MAURICIOMANENTS (Nov 29)