[tcpdump-workers] Request for feedback on terminating tcpdump capture after specified time

Greg Steinbrecher grs at fb.com
Wed Aug 1 12:12:07 EDT 2018


The actual PR needs some cleanup/rebasing, but before doing that it was pointed out that soliciting feedback would be a good idea. PR here: https://github.com/the-tcpdump-group/tcpdump/pull/684


Motivation on our end was termination of captures after short periods of time -- say, grabbing 50ms of packets -- on high rate interfaces. The OS doesn't have enough insight into when the capture actually starts to get enough granularity in termination. The implementation here measures using the packet timestamps, starting with the first packet seen.


This feature was also requested here: https://github.com/the-tcpdump-group/tcpdump/issues/338


Thanks/Greg



More information about the tcpdump-workers mailing list