On Wed, Sep 19, 2001 at 07:59:54AM -0700, Levine, Barry I wrote:
> Has anyone developed or can suggest a method to automatically (real
> time without user input) save sniffed packets to a file while continuing
> to sniff.
Ethereal, Tethereal, and tcpdump all do that - Ethereal *always* saves
sniffed packets to a file, and Tethereal and tcpdump do so if run with
the "-w" flag.
However, neither Tethereal nor tcpdump guarantee that the last packet in
the file will be complete until they finish capturing, as they just use
"standard I/O library" routines such as "fwrite()" (or use routines that
use those routines) to write to the capture file, so they'll fill up an
in-memory buffer (typically somewhere between 512 and 8192 bytes),
writing each buffer to the file as it fills up, and flushing the last of
the stuff out to the file when they close the capture file.
Ethereal sort of does so *IF* you're doing an "Update list of packets in
real time" capture, although there's always, of course, the risk that,
if some other program is looking at the file, it might catch it in the
middle of a flush.
What is it you're trying to do?