From: Guy Harris
Date: Thu, 7 Dec 2000 23:27:22 -0800
To: Matt Dillon
Cc: Dragos Ruiu, tcpdump-workers@tcpdump.org, ethereal-dev@ethereal.com, snort-devel@lists.sourceforge.net, freebsd-hackers@FreeBSD.ORG, tech@openbsd.org
Subject: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
Message-ID: <20001207232722.A352@quadrajet.flashcom.com>
In-Reply-To: <200012080547.eB85lKc17216@earth.backplane.com>

On Thu, Dec 07, 2000 at 09:47:20PM -0800, Matt Dillon wrote:
> Looking at the data I would guess that they
> are appending to a file using write()'s on a packet-by-packet basis

Unlikely, given that they're using "tcpdump", which, with the "-w" flag, writes using standard I/O, and doesn't do "fflush()"es on a packet-by-packet basis.

> or with a redirect from tcpdump on a shell line,

Assuming, as I suspect is the case, that they're using the same command on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".
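The difference between buffered standard I/O and a flush after every packet, which the reply above turns on, can be measured directly. This is an added example, not part of the original message and not tcpdump's code; the function name `count_file_growths`, the 80-byte constructed records and the 4096-byte buffer set with `setvbuf()` are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define REC_LEN 80  /* constructed record: 16-byte header + 64 payload bytes */

/* Write npkts constructed records to a temporary file through stdio and
 * return how many times the file's size grew, checked after every record.
 * Each growth means buffered data actually reached the kernel via write().
 * Returns -1 on error. */
long count_file_growths(int npkts, int flush_each)
{
    static char iobuf[4096];           /* assumed stdio buffer size */
    unsigned char rec[REC_LEN];
    struct stat st;
    off_t last = 0;
    long growths = 0;
    FILE *fp = tmpfile();

    if (fp == NULL)
        return -1;
    if (setvbuf(fp, iobuf, _IOFBF, sizeof iobuf) != 0) { fclose(fp); return -1; }
    memset(rec, 0xAA, sizeof rec);     /* constructed packet bytes */

    for (int i = 0; i < npkts; i++) {
        if (fwrite(rec, sizeof rec, 1, fp) != 1) { fclose(fp); return -1; }
        /* The per-packet case: force the record out immediately. */
        if (flush_each && fflush(fp) != 0) { fclose(fp); return -1; }
        if (fstat(fileno(fp), &st) != 0) { fclose(fp); return -1; }
        if (st.st_size > last) {       /* data reached the file just now */
            growths++;
            last = st.st_size;
        }
    }
    fclose(fp);
    return growths;
}

int main(void)
{
    printf("buffered stdio:    %ld file growths for 1000 packets\n",
           count_file_growths(1000, 0));
    printf("fflush per packet: %ld file growths for 1000 packets\n",
           count_file_growths(1000, 1));
    return 0;
}
```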