tcpdump -C not working

COOL_M_F

COOL_M_F

Hi
Not sure if this is the right place to ask, but here goes:

I'm trying to get the following command to work in pfSense 2.2.1:
tcpdump -C 1 -W 3 -i em1 -w capture.pcap 'host 10.0.47.1'

I tried the pfSense forum but since tcpdump(1) is part of FreeBSD they suggested that I asked here instead.

What should happen is: it creates a file called capture.pcap0 and dumps packets until it reaches 1,000,000 bytes and then it starts with file 2 and 3. When file 3 is full it starts all over with file 1.

What does happen: it creates a file called capture.pcap0 and starts to dump packets there. It won't rotate, capture.pcap0 just keeps growing in size. I aborted first run when capture.pcap0 was approximately 500 MB.

Any ideas?
 
Last edited by a moderator:
The exact same command works fine on FreeBSD 10-STABLE:

Code: 
[cmd]tcpdump -C 1 -W 3 -i em1 -w capture.pcap[/cmd]
-rw-r--r--   1 root  wheel     1001398 Apr 21 10:51 capture.pcap0
-rw-r--r--   1 root  wheel     1000488 Apr 21 10:51 capture.pcap1
-rw-r--r--   1 root  wheel      753664 Apr 21 10:52 capture.pcap2
 
I just did a test, downloaded Freebsd-10.1-RELEASE-i386-disc1.iso and made a test install in VirtualBox.
Code: 
[CMD]tcpdump -C 1 -W 3 -i em0 -w capture.pcap &[/CMD]
-rw-r--r--   1   root  wheel       10944512   Apr 22 16:22  capture.pcap0

Pfsense 2.2.1 is running on FreeBSD 10.1-RELEASE-p6.

Filed a PR PR 199568.
 
I was able to replicate it on an amd64 10.1-RELEASE and a recent i386 10.1-STABLE at r281682.

DutchDaemon, is there anything unique about your configuration? Both of mine are running GENERIC.
 
You must log in or register to reply here.
Back
Top