When is the -w option useful ?
What is the real need to write the traffic to a tcpdump file if we are
analysing it already
It can be very useful to be able to analyze traffic off-line in order
to explore changes to policy scripts. For operational use, my experience
is it's rare to wind up going to the trace file, so if the disk space
is a problem, skipping it should generally be okay.