Richard van der Hoff wrote: > The only concern with this would be that dumpcap would presumably then > send a packet count after every packet - which might mean a significant > quantity of data.
Every batch of packets, at least. Some OSes support packet batching, so that a single read from the capture device can supply multiple packets; those OSes support a timeout, so that the read either waits for a full batch or for a timer to expire, so you don't wait indefinitely for a full batch. (Note that this timer is *NOT* necessarily started when the read starts; the timer on SunOS 5.x, for example, starts when the first packet arrives. I.e., this timer does *NOT* guarantee that a read will wait no longer than the timeout, and will return at that point if no packets have arrived; that does *NOT* happen on SunOS 5.x.) BSDs (including OS X) support that in BPF (AIX's BPF doesn't work correctly, so the timeout doesn't work and isn't used). As indicated, SunOS 3.x/4.x/5.x support it, too, as do Digital/Tru64 Unix and Windows with WinPcap. Linux, however, doesn't support batching, at least not in PF_PACKET sockets. _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
