Wireshark-dev: [Wireshark-dev] File size limits on Linux and building for large file support
From: Shehjar Tikoo <[email protected]>
Date: Tue, 26 Jun 2007 10:51:56 +1000
Hi all,

I've seen a few posts in wireshark-users archive where Ulf Lamping mentions incorporating support for gint64 offsets for traffic dump files.
Does this imply that tshark can write pcap files using large file 
support on Linux without the need to resort to multiple capture ring 
files?
If not, is it possible to build myself a tshark version that does 
support writing to large files by specifying
	
	 CFLAGS=-D_GNU_SOURCE\ -D_FILE_OFFSET_BITS=64

,etc to the configure script?

My doubt with the above method is that the system's underlying libpcap might not support large files, in which case tshark might not either.
How does tshark interact with libpcap while dumping to pcap?
Will the file size limit on libpcap also limit the output file sizes for tshark even if I specify the above CFLAGS for my build?
I do not need to use wireshark so I am not very concerned about huge 
memory usage for those large pcap files.
Thanks in advance,
Shehjar