Wireshark mailing list archives

Re: dumpcap -f question [Re: Can I get Wireshark to capture constantly, but not count to infinity ?]


From: Guy Harris <guy () alum mit edu>
Date: Tue, 24 Aug 2010 17:22:56 -0700


On Aug 24, 2010, at 4:52 PM, Gregorio Tomas Focaccio wrote:

The documentation I found for dumpcap did not say what happens if the -f filter argument is left off the dumpcap 
command.  Do you know what happens?

It does no filtering - every packet that gets handed by the lower levels of the OS (device driver, maybe lower levels 
of the networking stack before, for example, IP) to the packet capture mechanism (and doesn't get dropped by the packet 
capture mechanism because its buffer fills up) gets passed on to libpcap/WinPcap, and gets written to a file by dumpcap.

(The same is true of tcpdump, BTW.)