Reputation: 69
I'm very surprised by the behavior of tcpdump. I wrote simple code to do echoes like:
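    while (n)
    {
        /* read up to 16 bytes; n is the number of bytes actually read */
        n = fread(buf, 1, 16, stdin);
        /* buf is not NUL-terminated, so write exactly n bytes */
        fwrite(buf, 1, n, stdout);
        fflush(stdout);
    }
and then I do something like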
$ tcpdump | ./EchoTest
I get a lot of tcpdump packets in the echo output suppressed until there is some amount of them. Why does this happen? Things like
$ cat file | ./EchoTest
or
$ tail -f file | ./EchoTest
(with "$ echo "blabla" >> file")
work perfectly and I get output instantly. Does somebody know how to force tcpdump to do its output in a pipeline as it appears?
Upvotes: 1
Views: 2826
Reputation: 30197
Probably tcpdump has much more traffic to handle than only your packets, and what normally slows it down, as well as @thkala's suggestion, is resolving. Feeding it the -n option speeds up its output.
-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
Upvotes: 1
Reputation: 86403
From the tcpdump manual page:
-l
Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
''tcpdump -l | tee dat'' or ''tcpdump -l > dat & tail -f dat''.
Bottom line: the output of tcpdump is buffered - you need the -l option to have it output each packet/line immediately.
Upvotes: 2
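The buffering difference described in the answer above, reproduced as an added example (not code from this thread or from tcpdump): a writer whose output is a pipe holds a printed line in its stdio buffer unless the stream is switched to the line-buffered mode the manual page attributes to -l. The function name and the sample line are constructed for illustration; a POSIX system is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a writer whose output stream is a pipe. It prints one constructed
 * "packet" line and then idles, like a capture waiting for more traffic.
 * Returns 1 if the reader sees the line within 1 s, 0 if not, -1 on error. */
int line_arrives_promptly(int line_buffered)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* writer side */
        close(fds[0]);
        FILE *out = fdopen(fds[1], "w");     /* pipe: fully buffered by default */
        if (out == NULL)
            _exit(1);
        if (line_buffered)
            setvbuf(out, NULL, _IOLBF, 0);   /* flush at every newline */
        fprintf(out, "12:00:00.000000 IP 192.0.2.1.1234 > 192.0.2.2.80: constructed\n");
        sleep(3);                            /* no further output for now */
        fclose(out);
        _exit(0);
    }
    close(fds[1]);                           /* reader side */
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    int ready = poll(&p, 1, 1000);           /* wait at most 1 s for the line */
    int prompt = (ready == 1 && (p.revents & POLLIN)) ? 1 : 0;
    kill(pid, SIGKILL);                      /* writer is no longer needed */
    waitpid(pid, NULL, 0);
    close(fds[0]);
    return prompt;
}

int main(void)
{
    printf("default buffering: prompt=%d\n", line_arrives_promptly(0));
    printf("line buffered:     prompt=%d\n", line_arrives_promptly(1));
    return 0;
}
```

The cat and tail -f cases in the question behave differently because those tools write with unbuffered system calls rather than through a fully buffered stdio stream.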