Hi Guy,
I had seen an eth file in the /tmp directory earlier that had been increasing in size - I do not see it now so it must have been a user doing a manual capture.
Thanks for getting back to me and correcting the error in my understanding....
My guess is that the issue is strictly with writing the file down to the disk so I will work on hardware to enhance that.
Hope you have a great day!!
-John
On Thu, Dec 13, 2012 at 2:50 PM, Guy Harris
<guy@xxxxxxxxxxxx> wrote:
On Dec 13, 2012, at 8:51 AM, John Powell <
jrp999@xxxxxxxxx> wrote:
> I am currently running DUMPCAP as a service to capture packets in a high packet throughput environment.
>
> The command used is:
>
> /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b duration:900 -w /data/eth1.cap
>
> I am experiencing disk IO issues.
>
> I suspect that part of my disk IO issue is due to copying the rotated file from \tmp to \data
Or are you just *assuming* it's writing the files to /tmp and copying them rather than just writing directory to files in /data? It would be unwise to assume that, given that, in fact, it *doesn't* do that (and *didn't* do that in a test I just did); if you're seeing it copy the file, that's a bug.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
