hello, I am using tcpdump on Linux and going to know how tcpdump write to disk ? Raw mode or cook mode ? It means tcpdump write to disk or Linux write to disk ? Thank you asked 08 Jul '14, 20:55  mhch |
One Answer:
Tcpdump, like Wireshark and the programs that are part of it, and almost all programs running on Windows, Linux, OS X, Solaris, *BSD, and all other UN*Xes (and most other operating systems on the planet), write files out through the file system. answered 08 Jul '14, 21:49  Guy Harris ♦♦ |
Hm.. you could have answered that question yourself by applying logical reasoning.
Does tcpdump create a file (in a filesystem) if you use it with option -w?
If yes, raw disk mode does not sound like a reasonable option, does it ;-))