[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    [tcpdump-workers] tcpdump stdout buffering to prevent packet loss
From:       "Chris [ChrisMc]" <chrismc911 () hotmail ! com>
Date:       2006-04-17 12:39:00
Message-ID: BAY21-F806404F9B02E29C7B8DEE9BC70 () phx ! gbl
[Download RAW message or body]

Hi,

I am forwarding tcpdump output to stdout using "-w -". My own program uses 
the tcpdump output, transforms it, and writes it to a file or stdout.

All in all, the command line looks like:
tcpdump -w - | myprog

Additionally I am using "-s 0" because I need the whole packet from tcpdump. 
To prevent tcpdump from caching the data and copying to stdout in bursts I 
am using the "-U" option.

The problem is, that on high data rates, my program is too slow to process 
the traffic fast enough. So the data is not fetched from stdin and tcpdump 
drops packets as it can not copy them to stdout.

Is there an option to tell tcpdump to use a big buffer, like some thousand 
packets. I need some method to buffer the data such, that my program has 
time to process packets if the line rate does increase for some seconds.

I was hoping that there was maybe some option in tcpdump that would allow me 
this. Otherwise I would have to write my own stdin buffering.

Thanks a lot,
Chris

_________________________________________________________________
Haben Spinnen Ohren? Finden Sie es heraus – mit dem MSN Suche Superquiz via  
http://www.msn-superquiz.de  Jetzt mitmachen und gewinnen!

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
[prev in list] [next in list] [prev in thread] [next in thread]