Thanks to all pro's who used a few moments to note down their bits of knowledge essential to me. Reminder of the question: I wanted to snoop an interface with high traffic and not fill up the disk partition I was snooping to 1) Use logadm to rotate the output, didn't try this one, but I will explore the function in the future 2) Use Tcpdumwhich has rotation of the output built in with the switch -s (this was my choice) root@box# tcpdump -I <foo> -w something.pcap -C <number of megabytes> -s 0 <capture spec> 3) Use filters to a maximum to limit the file size (requires a tedious reading of the snoop man file) 4) Use Ethereal instead (I can't use it on the target production machine) 5) Use Awk or Perl (yes, but too much tinkering for too little time)) 6) Finally a warning that I might loose the fileheader and won't be able to do snoop -i after (Actually I analyze the output with etherreal) Br, Ragnar Moller Til: + 33 1 69 93 75 73 / ECN 879 5206 Mobile: + 33 6 50 86 47 24 Fax: + 33 1 69 93 70 10 Sicr: + 33 1 69 93 76 01 Email: ragnar.moller@ericsson.com _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Mon Jan 8 03:53:33 2007
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:03 EST