Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
pcap file not written to disk for ring size 5GiB #128
Reported by Michal Purzynski (see http://article.gmane.org/gmane.linux.network.netsniff-ng/519 for details)
I believe this issue may be caused by kernel security patch to net/patacket/af_packet.c. The patch has been backported to older kernels. It will prevent you from allocating a ring buffer greater than 4 GiB. The largest you can get is --ring-size 4194303KiB (2^32 - 1024 bytes).