tcptrace stdin/pipe buffering

From: pripke@csc.com.au
Date: 10/16/02

Next message: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"

Previous message: Avinash Lakhiani: "Re: tcptrace Feature Request"
Next in thread: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"
Reply: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Subject: tcptrace stdin/pipe buffering
Message-ID: <OF51387BBC.96C08588-ONCA256C54.00148BA6@int.csc.com.au>
From: pripke@csc.com.au
Date: Wed, 16 Oct 2002 15:06:22 +1000

I'm trying to run a pipe from tcpdump to tcptrace on a fairly busy 10Mbit
FDX interface on an dual CPU Alpha running DEC/Compaq/HP Tru64 4.0D. After
banging on the 6.2.0 source for a bit, it compiles and runs fine on saved
data. eg. running
      tcptrace -r -l raw.gz
works fine. However, the following only works about 50% of the time:
      gzip -dc raw.gz | tcptrace -r -l stdin
and the following just plain doesn't work:
      tcpdump -p -i tu4 -w - | tcptrace -r -l stdin

Errors are:
      ksh$ tcpdump -p -i tu4 -c 1000000 -w - | tcptrace -r -l stdin
      1 arg remaining, starting with 'stdin'
      Ostermann's tcptrace -- version 6.2.0 -- Fri Jul 26, 2002

      tcpdump: listening on tu4
      Using kernel BPF filter
      PCAP error: 'bogus savefile header'
      100 packets seen, 100 TCP packets traced
      elapsed wallclock time: 0:00:01.141011, 87 pkts/sec analyzed
      trace file elapsed time: 0:00:00.119018

It seems to always die around the 99-100 packet mark, which, with default
snaplen is (no surprises) around the 8k mark, the native pagesize.

I've looked through the code in compress.c to get a handle on the
buffering, but I'm wondering if anyone else has seen this, and, even
better, has a fix.

Thanks,
Paul Ripke
UNIX/OpenVMS Sysadmin
101 reasons why you can't find your Sysadmin:
68. It's 9 AM. He/she is not working that late.
----------------------------------------------------------------------------------------

This email, including any attachments, is intended only for use by the
addressee(s) and may contain confidential and/or personal information and
may also be the subject of legal privilege. Any personal information
contained in this email is not to be used or disclosed for any purpose
other than the purpose for which you have received it. If you are not the
intended recipient, you must not disclose or use the information contained
in it. In this case, please let me know by return email, delete the message
permanently from your system and destroy any copies.
----------------------------------------------------------------------------------------

----------------------------------------------------------------------------
To unsubscribe, send a message with body containing "unsubscribe tcptrace" to
majordomo@tcptrace.org.

Next message: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"
Previous message: Avinash Lakhiani: "Re: tcptrace Feature Request"
Next in thread: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"
Reply: pripke@csc.com.au: "Re: tcptrace stdin/pipe buffering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : 10/16/02 EDT