From Bugzilla Helper: User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-31 i686) Description of problem: When running tcpdump -w somefile on a busy network to an ext3 filesystem, the file stops being written at 2GB. A FreeBSD box monitoring the same network segment confirms that the files in question should have exceeded 2GB. Version-Release number of selected component (if applicable): This is tcpdump-3.6.2-9 How reproducible: Always Steps to Reproduce: 1. Start tcpdump on a busy network using the -w option to write to a file 2. wait until the output file reaches 2GB 3. Observe that the file doesn't get any larger Expected Results: My impression is that the kernel and filesystem should allow a much larger file size. I can create a file > 2GB by cat'ing files together. Additional info:
After more testing, it looks like the problem may actually reside in libpcap instead of tcpdump. I downloaded sources for both libpcap 0.6.2 and tcpdump 3.6.2. If I compiled libpcap after adding "-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" to the DEFS line in the Makefile, and compiled a new tcpdump from that lib, the capture files could grow > 2GB. This was the case whether or not I added the same compiler DEFS to the tcpdump Makefile.
should be in tcpdump-3.6.2-13