Red Hat Bugzilla – Bug 61429
tcpdump won't write files > 2GB
Last modified: 2008-05-01 11:38:01 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-31 i686)
Description of problem:
When running tcpdump -w somefile on a busy network to an ext3 filesystem, the
file stops being written at 2GB. A FreeBSD box monitoring the same network
segment confirms that the files in question should have exceeded 2GB.
Version-Release number of selected component (if applicable):
This is tcpdump-3.6.2-9
Steps to Reproduce:
1. Start tcpdump on a busy network using the -w option to write to a file
2. wait until the output file reaches 2GB
3. Observe that the file doesn't get any larger
Expected Results: My impression is that the kernel and filesystem should allow
a much larger file size. I can create a file > 2GB by cat'ing files together.
After more testing, it looks like the problem may actually reside in libpcap
instead of tcpdump.
I downloaded sources for both libpcap 0.6.2 and tcpdump 3.6.2. If I compiled
libpcap after adding "-D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" to the DEFS
line in the Makefile, and compiled a new tcpdump from that lib, the capture
files could grow > 2GB.
This was the case whether or not I added the same compiler DEFS to the tcpdump
should be in tcpdump-3.6.2-13