On 20 Nov 2005, at 23:16, Damien Miller wrote:

> On Sat, 19 Nov 2005, poncenby smythe wrote:
>
>> Dear list,
>> Does anyone know why the versions of tcpdump and libpcap in 3.8 GENERIC
>> (3.2 (I think) and 0.5 respectively) are quite a way off from the
>> current stable releases (0.9.4)?
>
> Exactly what do you want from the tcpdump.org version?

I believe the tcpdump shipped with 3.8 GENERIC does not support the -C
switch (meaning chunk the captured data by a specified limit in
megabytes).
I am also conscious of the old version keeping up with the level of
traffic attempting to be captured, although this is assuming that
newer versions of libpcap/tcpdump have performance benefits.
A side question: I have two interfaces, one captures receive traffic
and the other transmit traffic. So in order to capture full-duplex
flows I have 'bonded' these two interfaces together with brconfig.
However I am not satisfied this is the best method as both interfaces
receive a copy of the other's traffic, all I really want is one
interface to receive the other's traffic and set tcpdump to listen on
that interface. There is also 'extra' stuff with bridge0 interface
like filtering and 'learning' addresses for forwarding packets, all
of which will (I guess) affect the speed at which it can pass the
packets up to tcpdump.
Any thoughts?
poncenby