On Sep 24, 2003, at 10:48 AM, Munshi, Shahid K. (Manpower Contract) wrote:
> I am trying to capture network traffic for 60 seconds using windump
> utility for windows under Windows 2000 Server platform.
Then this should probably be sent to winpcap-users@xxxxxxxxxxxxxxxxx.
However:
> When I open the Captured file, There is nothing in file....  Anybody
> explain me why?
> import os,win32pipe
> TooMuchTime = 60
> x = win32pipe.popen("windump > Test.txt",'w+')
tcpdump/WinDump, like Tethereal, use the C language's "standard I/O 
library" routines to produce output.  Those routines, when you write to 
a file, do not, by default, write lines to the file immediately - they 
buffer up data and write it in buffered chunks, which are probably 
somewhere between 512 bytes and 8192 bytes.  On Windows, I think it's 
typically 4096 bytes.
Therefore, unless, after 60 units of time (seconds, I assume, if 
"time.time()", in whatever language your software is written, is like 
UNIX's "time()" call), more than that buffer size (4096 bytes, for 
example) worth of output has been produced, nothing will have been 
written to the file yet.
tcpdump/WinDump support a "-l" command-line flag - see the man page at
	http://windump.polito.it/docs/manual.htm
which says
	-l
		Make stdout line buffered. Useful if you want to see the data while
		capturing it. E.g.,
		``tcpdump  -l  |  tee dat'' or ``tcpdump  -l  >  dat  &  tail  -f  dat''.
Your program (except for the fact that it doesn't read Test.txt) is 
similar to the second of those examples; try doing
	x = win32pipe.popen("windump -l > Test.txt",'w+')
although note that line-buffering is less efficient than regular 
("full") buffering.
(To make this slightly more relevant to the ethereal-users mailing 
list, this is another example of when to use the "-l" flag, which 
Tethereal also has, and about which another person on this list 
recently asked.)
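
Added example, not part of the original message: a timed capture to a file that shows the empty-file symptom and the effect of line buffering. It assumes a constructed Python child process as a stand-in for windump (mode "line" plays the role of "-l") and uses subprocess in place of win32pipe.popen; Python's own stdout buffering stands in for the C standard I/O library's.

```python
import os
import subprocess
import sys
import tempfile
import time

# Constructed stand-in for windump (assumption): prints one short line every
# 0.1 s. Mode "line" mimics "-l"; mode "full" keeps the default buffering
# that applies when stdout is redirected to a file.
CHILD = r'''
import sys, time
if sys.argv[1] == "line":
    sys.stdout.reconfigure(line_buffering=True)
while True:
    print("12:00:00.000000 IP 10.0.0.1.1024 > 10.0.0.2.80: . ack 1 win 8192")
    time.sleep(0.1)
'''


def capture(cmd, seconds, outfile):
    """Run cmd with stdout redirected to outfile and stop it after `seconds`.

    Returns (bytes in the file while cmd was still running,
             bytes in the file after cmd was terminated)."""
    # PYTHONUNBUFFERED would defeat the stand-in's default buffering.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    with open(outfile, "wb") as out:
        proc = subprocess.Popen(cmd, stdout=out, env=env)
        time.sleep(seconds)
        visible = os.path.getsize(outfile)
        proc.terminate()  # hard stop: the stand-in gets no chance to flush
        proc.wait()
    return visible, os.path.getsize(outfile)


def compare(seconds=2):
    """Capture the stand-in in both modes; returns {mode: (visible, final)}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode in ("full", "line"):
            path = os.path.join(tmp, mode + ".txt")
            cmd = [sys.executable, "-c", CHILD, mode]
            results[mode] = capture(cmd, seconds, path)
    return results


if __name__ == "__main__":
    print(compare())
```

In "full" mode the stand-in produces less than one buffer of output before it is stopped, so the file stays empty; in "line" mode each line reaches the file as it is printed.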