tcpdump mailing list archives
Re: Timed Captures under UNIX
From: Guy Harris <guy () alum mit edu>
Date: Mon, 14 Apr 2008 15:02:20 -0700
Matthew Topper wrote:
I posted patches to the SourceForge projects of both tcpdump and libpcap which together enabled capturing packets for a given number of seconds. I don't really see any activity on either site, so I was hoping that someone here could tell me how I should proceed, and if I've done anything stupid in the way I implemented this.
As I said in my comments in the pcap bug:

Timed capture doesn't require libpcap changes - and that code won't work on all platforms in any case. A call to the read method for a capture device can block indefinitely if no packets arrive (the timeout specified in pcap_open_live() is *not* guaranteed to be a timer that starts when you try to read packets; on Solaris, for example, the timer doesn't start until the first packet arrives, and, on some platforms, there isn't a timer).
Using alarm() in tcpdump would work on all UN*X platforms - without requiring a call to time() for each packet batch. On Windows, the multimedia timer might be usable; note the code that's already there in top-of-tree tcpdump, where, if you're capturing to a file with the "-w" flag, the "-v" flag causes tcpdump to periodically report how many packets it's captured.
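The alarm() approach described in the message above, as an added example that is not part of the original post and is not tcpdump or libpcap code: a single SIGALRM bounds a read loop that would otherwise block forever on an idle source, with no per-batch call to time(). The file descriptor stands in for a capture device, and `timed_capture`, `on_alarm` and `expired` are names made up for this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L                 /* sigaction(), pselect() */
#endif
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/select.h>
#include <unistd.h>

static volatile sig_atomic_t expired;           /* written only by the handler */
static void on_alarm(int sig) { (void)sig; expired = 1; }

/* Read fd for at most `seconds` seconds; returns bytes seen, or -1 on error. */
long timed_capture(int fd, unsigned seconds)
{
    struct sigaction sa, old_sa;
    sigset_t block, orig, waitmask;
    char buf[2048];
    long total = 0;
    memset(&sa, 0, sizeof sa);                  /* sa_flags 0: no SA_RESTART */
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    /* Keep SIGALRM blocked except inside pselect(), so it cannot fire between
       the flag test and the wait and leave an idle capture blocked forever. */
    if (sigprocmask(SIG_BLOCK, &block, &orig) == -1) return -1;
    waitmask = orig;
    sigdelset(&waitmask, SIGALRM);
    sigaction(SIGALRM, &sa, &old_sa);
    expired = 0;
    alarm(seconds);                             /* one timer for the whole run */
    while (!expired && total >= 0) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        if (pselect(fd + 1, &rfds, NULL, NULL, NULL, &waitmask) == -1) {
            if (errno != EINTR) total = -1;     /* EINTR: handler ran, re-test */
            continue;
        }
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) { if (n < 0) total = -1; break; }   /* error or EOF */
        total += n;
    }
    alarm(0);
    sigprocmask(SIG_SETMASK, &orig, NULL);      /* a late SIGALRM hits on_alarm */
    sigaction(SIGALRM, &old_sa, NULL);
    return total;
}
```

Calling it on the read end of a pipe whose write end stays open reproduces the "no packets arrive" case: the call returns when the alarm fires, not when data shows up.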