Hi, I am using tcpdump version 3.7.1 on Redhat linux 7.0 kernel version 2.4.5. In the source code of tcpdump , there is a situation where pcap_loop is being used to capture packets and save them to a savefile. If we give '-1' as count to it, it will capture infinitely until interrupted. When the program is exited by pressing CTRL+C, the control is going to 'cleanup' function. But I wonder there is no pcap_close or pcap_dump_close in the 'cleanup' function corresponding to previous pcap_open_live and pcap_dump_open. But still savefile is being closed properly and packets can be read from it later using tcpdump -r option. How is this possible? How are the pcap_dump_close and pcap_close called from 'cleanup' and from where ?
Regards, Y Sreenivasulu [EMAIL PROTECTED] - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
