On Mon, 22 Nov 2004 13:10:09 +0100, Ramon Kukla <[EMAIL PROTECTED]> wrote: > Hi everybody, > > I searched the web and checked a couple of times the tcpdump manuals to > be sure that I didn't overlooked something. But I have to admit that I > didn't find any solution for my problem. > I would like to run tcpdump saving the dumps into a number of files > with the size 'n'. > Currently I'm running tcpdump with 'tcpdump -C 50 -w filename -i eth1'. > But I would like to have an option saying 'If you finished writing > file 50 please start to overwrite file number 0' (ring buffer ). > And yes... I could use ethereal. But in fact this time I just have the > ability to use tcpdump due to the lack of a missing X ;) > > So maybe anyone with a nice idea or a hint how tcpdumd would create my > ring buffer? > > Thanks for your help > Ramon >
Hi, I believe that that exact functionality is implemented by the -W flag: tcpdump -C 50 -W 10 -w filename -i eth1 Where you want to have a ring buffer of 10 files totral. I'm not sure what version this appeared in, but it is in the 'current' tarballs. I hope this is what you're looking for. cheers, will - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
