[Snort-devel] Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!?

Guy Harris gharris at ...148...
Fri Dec 8 02:27:22 EST 2000


On Thu, Dec 07, 2000 at 09:47:20PM -0800, Matt Dillon wrote:
>     Looking at the data I would guess that they
>     are appending to a file using write()'s on a packet-by-packet basis

Unlikely, given that they're using "tcpdump", which, with the "-w" flag,
writes using standard I/O, and doesn't do "fflush()"es on a
packet-by-packet basis.

>     or with a redirect from tcpdump on a shell line,

Assuming, as I suspect is the case, that they're using the same command
on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on
Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".


