Ethereal-users: Re: [Ethereal-users] writing to disk process

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ulf Lamping <ulf.lamping@xxxxxx>
Date: Wed, 19 Jul 2006 22:11:45 +0200
Torres, Javier wrote:

Thanks for your answer Guy,
What I am worried about is dropping data from the time I get the packet
in tshark to the time it actually writes to disk.  Because of this I am
trying to find a way to test and see if I received all the packets
Tshark sees on the capture.  I had thought this app was looking at the
interface so once it processed the information from the interface it
would at that point write the data to disk.

Since you are saying it is writing to disk at the same time it is
looking at it, this makes the job of making sure I am not dropping
packets more difficult.

The setup currently that I run is:
Tshark -I 15 -n -B 20 -w capture_`date +%m%d%Y`.pcap -b filesize:20000 >
/dev/null &

This takes whatever comes in on that interface and drops it into a file.

I was hoping to make sure the packets it is writing don't get dropped in
the time it takes them to write to disk since it is sensitive
information we are gathering.
May I suggest you use dumpcap instead of tshark? It was build for the purpose you describe and will do less processing with the packet data. 

Regards, ULFL
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users