Date: Thu, 7 Dec 2000 23:27:22 -0800 From: Guy Harris <gharris@flashcom.net> To: Matt Dillon <dillon@earth.backplane.com> Cc: Dragos Ruiu <dr@kyx.net>, tcpdump-workers@tcpdump.org, ethereal-dev@ethereal.com, snort-devel@lists.sourceforge.net, freebsd-hackers@FreeBSD.ORG, tech@openbsd.org Subject: Re: [Ethereal-dev] Re: Fwd: kyxtech: freebsd outsniffed by wintendo !!?!? Message-ID: <20001207232722.A352@quadrajet.flashcom.com> In-Reply-To: <200012080547.eB85lKc17216@earth.backplane.com>; from dillon@earth.backplane.com on Thu, Dec 07, 2000 at 09:47:20PM -0800 References: <0012072118150Q.09615@smp.kyx.net> <200012080547.eB85lKc17216@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 07, 2000 at 09:47:20PM -0800, Matt Dillon wrote:
> Looking at the data I would guess that they
> are appending to a file using write()'s on a packet-by-packet basis
Unlikely, given that they're using "tcpdump", which, with the "-w" flag,
writes using standard I/O, and doesn't do "fflush()"es on a
packet-by-packet basis.
> or with a redirect from tcpdump on a shell line,
Assuming, as I suspect is the case, that they're using the same command
on the OSes in question (or using "tcpdump" on FreeBSD and "windump" on
Windows), that's also unlikely - it's just "{tcp,win}dump -w test.acp".
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001207232722.A352>