On Wed, May 03, 2006 at 12:15:30PM +0000, Alexey Toptygin wrote: > > I'm curious, how would you do this without filling the disk? With a script > that starts tcpdump to a ring in the background, waits for the offending > log entry to appear and then kills tcpdump?
Well if you know the set of IPs that's likely to cause this you just run tcpdump with an expression to filter out all traffic but those IPs. Sinec tcpdump only captures 100 bytes of each packet by default, it should be manageable assuming that this problem occurs relatively frequently. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html