I used
windump -l > Test.txt
from the command line, and after 60 seconds I pressed CTRL + C. It logged correct data in Test.txt.
But when I used
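import os, win32pipe
import time  # needed for time.time() and time.sleep()
TooMuchTime = 60  # capture duration in seconds
x = win32pipe.popen("windump -l > Test.txt", 'w+')
w = time.time()
TotalTime = time.time() + TooMuchTime
# wait until the capture window has elapsed, printing a dot each second
while time.time() < TotalTime:
    time.sleep(1.0)
    print ".",
x.close()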
this code and compiled it from the command line, it does not write any data in test.txt.
What is an effective way to get regular ("full") buffering rather than using the line buffering ("-l") option of windump?
Shahid
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Wednesday, September 24, 2003 12:32 PM
To: Munshi, Shahid K. (Manpower Contract)
Cc: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] POPEN Query
On Sep 24, 2003, at 10:48 AM, Munshi, Shahid K. (Manpower Contract)
wrote:
> I am trying to capture network traffic for 60 seconds using windump
> utility for windows under Windows 2000 Server platform.
Then this should probably be sent to winpcap-users@xxxxxxxxxxxxxxxxx.
However:
> When I open the captured file, there is nothing in the file.... Anybody
> explain me why?
>
> import os,win32pipe
> TooMuchTime = 60
> x = win32pipe.popen("windump > Test.txt",'w+')
tcpdump/WinDump, like Tethereal, use the C language's "standard I/O
library" routines to produce output. Those routines, when you write to
a file, do not, by default, write lines to the file immediately - they
buffer up data and write it in buffered chunks, which are probably
somewhere between 512 bytes and 8192 bytes. On Windows, I think it's
typically 4096 bytes.
Therefore, unless, after 60 units of time (seconds, I assume, if
"time.time()", in whatever language your software is written, is like
UNIX's "time()" call), more than that buffer size (4096 bytes, for
example) worth of output has been produced, nothing will have been
written to the file yet.
tcpdump/WinDump support a "-l" command-line flag - see the man page at
http://windump.polito.it/docs/manual.htm
which says
    -l
        Make stdout line buffered. Useful if you want to see the data while
        capturing it. E.g., ``tcpdump -l | tee dat'' or
        ``tcpdump -l > dat & tail -f dat''.
Your program (except for the fact that it doesn't read Test.txt) is
similar to the second of those examples; try doing
x = win32pipe.popen("windump -l > Test.txt",'w+')
although note that line-buffering is less efficient than regular
("full") buffering.
(To make this slightly more relevant to the ethereal-users mailing
list, this is another example of when to use the "-l" flag, which
Tethereal also has, and about which another person on this list
recently asked.)
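
The buffering effect described in the reply above, reproduced as an added example that is not part of the original thread. A small Python 3 child process stands in for WinDump (an assumption: its own output buffer plays the role of the C stdio buffer), and `captured_bytes` is a hypothetical helper name.

```python
import os
import subprocess
import sys
import tempfile

# Stand-in for WinDump (assumption): prints short lines to stdout, signals on
# stderr that it has done so, then keeps running until the parent stops it.
CHILD = r"""
import sys, time
if sys.argv[1] == "line":
    sys.stdout.reconfigure(line_buffering=True)   # the analogue of "-l"
for i in range(20):
    print("packet", i)                            # about 200 bytes in total
sys.stderr.write("ready\n"); sys.stderr.flush()
time.sleep(60)
"""


def captured_bytes(mode):
    """Run the child with stdout redirected to a file, stop it, return file size."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "wb") as out:
            proc = subprocess.Popen([sys.executable, "-c", CHILD, mode],
                                    stdout=out, stderr=subprocess.PIPE)
            proc.stderr.readline()     # child has printed all 20 lines
            proc.kill()                # stopped with no chance to flush its buffer
            proc.wait()
            proc.stderr.close()
        return os.path.getsize(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("full buffering:", captured_bytes("full"), "bytes on disk")
    print("line buffering:", captured_bytes("line"), "bytes on disk")
```

With full buffering the output is still sitting in the child's buffer when it is stopped, so the file stays empty; with line buffering every line has already reached the file.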