tcpdump mailing list archives
Re: How to cut capture by duration
From: "zze-DALMASSO Cedric RD-BIZZ-SOP" <cedric.dalmasso () rd francetelecom com>
Date: Thu, 20 Apr 2006 11:03:37 +0200
Hello, Thanks for the answer, I test it and it works. But I have some remarks: - when we use a long time (more 10 hours with the next command line /tmp/tcpdump-2006.03.29 -G 3600 -i eth0 -s 0 -w /tmp/%y%m%d%H%M.eth0.dmp) tcpdump with the -G option the generated file are longer than the G granularity as you can see in the list of generated file ... /tmp/0604111800.eth0.dmp /tmp/0604111900.eth0.dmp ... /tmp/0604112001.eth0.dmp /tmp/0604112101.eth0.dmp ... ^^ /tmp/0604121201.eth1.dmp /tmp/0604121202.eth0.dmp ... ^^ maybe a mean to solve the issue is to take packet's timestamp as reference to cute? - it maybe interesting to cut generating files at the modulo of the granularity. For example with a granularity 60 I generate a file each minute from the begin of a minute (the modulo of the number of seconds since 1970) to the end. This can help to solve the previous issue. Kind regards. Cédric Dalmasso PS:excuse my poor englih :-(
-----Message d'origine----- De : tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] De la part de Guy Harris Envoyé : jeudi 5 janvier 2006 23:59 À : tcpdump-workers () lists tcpdump org Objet : Re: [tcpdump-workers] How to cut capture by duration On Jan 5, 2006, at 12:30 AM, zze-DALMASSO Cedric RD-BIZZ-SOP wrote:I look for a means to make a capture at long time. But it's impossible since the file's size grow up. Do you know a means to cut it by duration, for example each hour a new file (it's simpler to use file with duration cut rather than size cut)?Yes, but it only works with the "current tar files" version of tcpdump, not with any version that's been released - the "-G" flag can be used to switch capture files after some amount of time has expired. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: How to cut capture by duration zze-DALMASSO Cedric RD-BIZZ-SOP (Apr 20)