
#52 Doing a solution to have an enhanced realtime capture method

open
None
4
2009-12-21
2009-12-21
No

As Xplico was born to decode, not to capture, a single process does both tasks. If decoding needs more CPU time, it will not listen on the interface and so will lose data.

So, a more or less functional system would be to use tcpdump, writing to a pipe and giving its contents to Xplico. In this way, Xplico would process all the info.

# fifo (Xplico reads its realtime input from here)
mkfifo /opt/xplico/pol_1/sol_1/decode/rt.pcap

# start tcpdump (-U flushes every packet to the file instead of buffering it, so tail sees data promptly)
touch /tmp/tmp.pcap
# -c +1: start from byte 1 so the pcap global header is forwarded too; a plain "tail -f"
# would start at the "last 10 lines" of the binary data and skip the header
tail -c +1 -f /tmp/tmp.pcap > /opt/xplico/pol_1/sol_1/decode/rt.pcap &
tcpdump -i eth0 -U -w /tmp/tmp.pcap &

Problem: tmp.pcap could grow and use the entire disk, a big problem. Pipes can change their size (system variable PIPE_SIZE).
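The following script is an added example, not code from the issue author or from the Xplico project. It shows the FIFO hand-off described above with two details a practitioner would want to check: first, why a plain `tail -f` on a binary capture file can drop the pcap global header (tail counts "lines" by 0x0a bytes, and packet payloads contain them), and second, that bytes pushed through a FIFO reach the reader without any file growing on disk. The pcap input is constructed inline (a 24-byte global header plus twelve one-byte records), `cat` stands in for the capture process because the machine running this cannot sniff an interface, and the paths under a temporary directory are assumptions. The real `start_capture` function writes the capture straight into the FIFO with `tcpdump -U -w`, which removes the growing tmp.pcap entirely; the caveat is that a FIFO is a small bounded kernel buffer, so when the decoder falls behind the capture process blocks on write and the kernel drops packets, which is exactly the lag the issue wants to absorb. A file-backed buffer absorbs bursts but can fill the disk; a FIFO never fills the disk but cannot absorb bursts.

```shell
#!/bin/sh
# Added example (not part of the Xplico issue): FIFO hand-off between a capture
# process and a decoder, plus the tail -f header-loss check.
set -eu

WORK=$(mktemp -d)            # assumed scratch directory
trap 'rm -rf "$WORK"' EXIT

# Build a constructed pcap file: 24-byte global header (magic d4 c3 b2 a1 on disk,
# version 2.4, zone 0, sigfigs 0, snaplen 65535, linktype 1 = Ethernet), followed by
# twelve records whose single payload byte is "\n", so tail sees twelve "lines".
make_pcap() {
  out=$1
  printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$out"
  i=0
  while [ "$i" -lt 12 ]; do
    # record header: ts_sec=0, ts_usec=0, incl_len=1, orig_len=1; then the 1-byte payload
    printf '\000\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\n' >> "$out"
    i=$((i + 1))
  done
}

# First four bytes of a stream as lowercase hex; "d4c3b2a1" means the header survived.
magic_of() { head -c 4 | od -An -tx1 | tr -d ' \n'; }

# What the posted script effectively does: start at the last 10 "lines" of the file.
tail_default_start() { tail -n 10 "$1"; }

# What the decoder needs: start at byte 1 so the global header is included.
tail_from_start() { tail -c +1 "$1"; }

# Capture straight into the FIFO (needs root and a real interface; not run here).
# -U flushes each packet so the decoder sees it immediately instead of after a buffer fills.
start_capture() { tcpdump -i "$1" -U -w "$2" & }

# FIFO pipeline with `cat` standing in for tcpdump and `wc -c` standing in for Xplico.
# The writer's open() blocks until the reader opens the FIFO; nothing is stored on disk.
# Prints the number of bytes the reader received.
run_fifo_pipeline() {
  fifo=$WORK/rt.pcap
  rm -f "$fifo"; mkfifo "$fifo"
  cat "$1" > "$fifo" &
  writer=$!
  wc -c < "$fifo" | tr -d ' '
  wait "$writer"
}

make_pcap "$WORK/capture.pcap"
```

Run it as a normal user; only `start_capture` needs root, and it is defined but not called. The two `tail` helpers are the point to take away for the posted script: `tail_default_start "$WORK/capture.pcap" | magic_of` yields `00000000` (a record header, the global header is gone) while `tail_from_start ... | magic_of` yields `d4c3b2a1`.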

Discussion