On Fri, Sep 01, 2000 at 02:25:54PM -0400, Baskar Pathmanathan wrote:
> I am actually running RedHat Linux 6.2 on Intel 486dx-100! Guess I didn't
> wait for tethereal to capture 4096 bytes and thus the file size appeared
> zero. So is there something I can do so that the output doesn't get
> buffered???
Well, you could modify the code in "wtap_dump_open_common()" in
"wiretap/file.c" so that it does
setvbuf(fh, NULL, _IONBF, 0);
but that means that Ethereal/Tethereal will *NEVER* produce buffered
output; if Ethereal or Tethereal is capturing a lot of packets, that
could require it to make a lot more calls to the OS kernel to write data
to the file, and could thus make it less efficient (which means the
versions of Ethereal/Tethereal we release won't do that).
Why do you need to have Tethereal write packets to the file as soon as
they are captured? You say
> Wondering if there is any way I could get it to dump to the file while
> capturing itself. This way I could see if there are any packets that match
> the filters ....
To which filters are you referring? If you're referring to the capture
filter, you know whether there are any packets that match *that* filter
when the count that Tethereal displays goes up.