Hello , i need to write a command where tcp dump makes a capture of size 7GB, i tried -C 7168m but i got "invalid file size" error, does this command have a size limitation? and is there a way to solve this problem keeping the captures in 1 file ? asked 14 Jul '15, 05:32  yas1234 edited 15 Jul '15, 08:36 |
One Answer:
From the tcpdump man page: http://www.tcpdump.org/tcpdump_man.html -C file_size = Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes). -W = Used in conjunction with the -C option, this will limit the number of files created to the specified number, and begin overwriting files from the beginning, thus creating a 'rotating' buffer. In addition, it will name the files with enough leading 0s to support the maximum number of files, allowing them to sort correctly. Used in conjunction with the -G option, this will limit the number of rotated dump files that get created, exiting with status 0 when reaching the limit. If used with -C as well, the behavior will result in cyclical files per timeslice. answered 14 Jul '15, 06:17  Amato_C |
What do you mean by "in conjunction"? Do you want to merge the separate files into one large file?