1

tcpdump -W 5 -C 10 -w capfile I know what this command does, which is rotating buffer of 5 files (-W 5) and tcpdump switches to another file once the current file reaches 10,000,000 bytes, about 10MB (-C works in units of 1,000,000 bytes, so -C 10 = 10,000,000 bytes). The prefix of the files will be capfile (-w capfile), and a one-digit integer will be appended to each: how to save a new file when tcpdum file size reaches 10Mb

My question is what happens if I set -W to 1: tcpdump -W 1 -C 10 -w capfile

Is this gonna only have 1 file with max size 10 MB contains the latest capture?

Jialiang Zhou
  • 83
  • 1
  • 7
  • for tcpdump -W 5 -C 10 -w capfile, it will have capfie0 to capfile4 each has max size of 10 MB. if I set -W to 1, is it gonna create a file has the latest 10MB capture which is same as capfile4? – Jialiang Zhou Mar 22 '18 at 19:23
  • 3
    I have to say that this question is so trivial that you can answer it yourself in about 5 minutes. Have you actually tried what you are proposing to see how the tool behaves? – David Hoelzer Mar 22 '18 at 20:20

0 Answers0