Date: Thu, 7 Dec 2000 23:38:09 -0800 (PST) From: Matt Dillon <dillon@earth.backplane.com> To: Guy Harris <gharris@flashcom.net> Cc: Dragos Ruiu <dr@kyx.net>, tcpdump-workers@tcpdump.org, ethereal-dev@ethereal.com, snort-devel@lists.sourceforge.net, freebsd-hackers@FreeBSD.ORG, tech@openbsd.org Subject: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!? Message-ID: <200012080738.eB87c9817756@earth.backplane.com> References: <0012072118150Q.09615@smp.kyx.net> <200012080547.eB85lKc17216@earth.backplane.com> <20001207232722.A352@quadrajet.flashcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:> or with a redirect from tcpdump on a shell line, : :Assuming, as I suspect is the case, that they're using the same command :on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on :Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp". It amounts to the same thing, since -w does nothing more then an fopen(..."w"). You get a pidly 8K buffer out of that, and it isn't even double buffered. But I think the last poster had it right... if the bpf buffer size was not changed from the default 4096, just about anything can interrupt the packet flow. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200012080738.eB87c9817756>