Monday, May 21, 2007

Tethereal Ringbuffer

A simple logger script, easy to run under nohup or screen.

- - -

#!/bin/sh
FILESIZE=1000000    # size of each ring file in kB (tethereal -a filesize:)
FILENUMBER=200      # files kept before the ring wraps to the first one (-b files:)
INTERFACE=em0
# -n: no name resolution, -s 1515: snaplen large enough for full Ethernet frames,
# -q: quiet (no per-packet output), -w: base name of the ring buffer files
/usr/local/bin/tethereal -n -i "$INTERFACE" -s 1515 -q -a filesize:"$FILESIZE" -b files:"$FILENUMBER" -w /nsm/em0/tethereal.fullcontent.ringbuffer.em0

- - -
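An added wrapper (example code, not the original script) that launches the same tethereal ring buffer only after checking that the output directory exists and that the full ring fits on the target filesystem. It assumes tethereal counts filesize in kB and relies on POSIX df -Pk and awk; the names, directory and interface are the ones used above.

```shell
#!/bin/sh
# Added example: guard the tethereal ring buffer from the post with a
# capacity check. Assumes -a filesize: is in kB (tethereal convention).
set -u

TETHEREAL=/usr/local/bin/tethereal
FILESIZE=1000000        # kB per ring file (-a filesize:)
FILENUMBER=200          # files kept before the oldest is overwritten (-b files:)
INTERFACE=em0
OUTDIR=/nsm/em0
OUTFILE=$OUTDIR/tethereal.fullcontent.ringbuffer.em0

# Worst-case disk footprint of the ring: filesize (kB) * 1024 * number of files.
ring_max_bytes() {
    echo $(( $1 * 1024 * $2 ))
}

# Free space in kB on the filesystem holding $1 (POSIX df -Pk, column 4).
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Refuse to start when the full ring would not fit, so the sensor does not
# fill the filesystem or silently stop writing evidence under load.
check_capacity() {
    dir=$1; need_kb=$(( $2 * $3 ))
    have_kb=$(free_kb "$dir")
    if [ "$have_kb" -lt "$need_kb" ]; then
        echo "ring needs ${need_kb} kB in $dir but only ${have_kb} kB free" >&2
        return 1
    fi
}

start_ringbuffer() {
    [ -d "$OUTDIR" ] || { echo "output dir $OUTDIR missing" >&2; return 1; }
    check_capacity "$OUTDIR" "$FILESIZE" "$FILENUMBER" || return 1
    # Same capture options as the post: no name resolution, 1515-byte snaplen,
    # quiet, rotate at FILESIZE kB, wrap after FILENUMBER files.
    exec "$TETHEREAL" -n -i "$INTERFACE" -s 1515 -q \
        -a filesize:"$FILESIZE" -b files:"$FILENUMBER" -w "$OUTFILE"
}

# Only launch the capture when invoked as: sh ringbuffer.sh start
if [ "${1:-}" = start ]; then
    start_ringbuffer
fi
```

With the values from the post the ring can grow to about 200 GB, which is what the capacity check compares against the free space reported by df.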

Other tools

Mr Bejtlich shows Daemonlogger running a ring buffer as a non-root user/group:
http://taosecurity.blogspot.com/2007/04/daemonlogger-in-ring-buffer-mode.html

OpenBSD's tcpdump has built-in privilege separation:
http://ftp.bg.openbsd.org/OpenBSD/src/usr.sbin/tcpdump/privsep.c