

They did not change the implementation, but they tried to make the documentation a little bit clearer. Somewhat recently, there was a GitHub issue opened about the confusing wording. I'm not sure if -W 48 affects it, but perhaps if you get to httpdebug.pcap47 (count starts at 0), it will stop capturing packets. So I'm thinking cyclical files per timeslice means that the timeslice is -G 1800 and it will cycle every -G 1800 and increment every -C 100. If you never reach that many requests in a period anymore, those high httpdebug.pcapXX numbers won't ever get overwritten. This means that if you have a lot of requests in a 30 minute period, you get to very high httpdebug.pcapXX numbers. Once it hits 30 mins, it seems to jump back to httpdebug.pcap00 and increment the number as it hits 100MB.

It looks to me like it might be capturing as many -C 100MB files as possible in a 30 minute period because httpdebug.pcap03 has the earliest timestamp and it's a lot smaller than 100MB, so it seems like it was cut at a 30 minute mark. Yeah, it doesn't seem to work as MariusMatutiae's answer says. ) cyclically, with period 48, either every 1800 seconds (=30 minutes) or every 100 MB, whichever comes first. This will rotate files (of names trace1, trace2. In the end, your command should be: tcpdump -i en0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K -n So you should specify -C 100 in order to produce 100 MB files. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes). Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Thus there is no point in specifying the time format for the name. Further, the -C option has no argument, while,

which captures 30 minutes worth of data

Also, the naming scheme is wrong: from the above, Since you wrote -G 3, you will be rotating this every 3 seconds, while you stated If used in conjunction with the -C option, filenames will take the form of ' file'. If no time format is specified, each new file will overwrite the previous. Savefiles will have the name specified by -w which should include a time format as defined by strftime(3). If specified, rotates the dump file specified with the -w option every rotate_seconds seconds. There are, however, other errors in your command. That's because you wrote -W 3 instead of -W 48.
