Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 7 Dec 2000 23:38:09 -0800 (PST)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Guy Harris <gharris@flashcom.net>
Cc:        Dragos Ruiu <dr@kyx.net>, tcpdump-workers@tcpdump.org, ethereal-dev@ethereal.com, snort-devel@lists.sourceforge.net, freebsd-hackers@FreeBSD.ORG, tech@openbsd.org
Subject:   Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?
Message-ID:  <200012080738.eB87c9817756@earth.backplane.com>
References:  <0012072118150Q.09615@smp.kyx.net> <200012080547.eB85lKc17216@earth.backplane.com> <20001207232722.A352@quadrajet.flashcom.com>

next in thread | previous in thread | raw e-mail | index | archive | help
:>     or with a redirect from tcpdump on a shell line,
:
:Assuming, as I suspect is the case, that they're using the same command
:on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on
:Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".

    It amounts to the same thing, since -w does nothing more then an
    fopen(..."w").  You get a pidly 8K buffer out of that, and it isn't
    even double buffered.

    But I think the last poster had it right... if the bpf buffer size
    was not changed from the default 4096, just about anything can interrupt
    the packet flow.

						-Matt



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012080738.eB87c9817756>