dumpcap -f answer [Re: Can I get Wireshark to capture constantly, but not count to infinity ?]

[Gregorio Tomas Focaccio <public.focaccio () gmail com>]

Hello,

I don't need to wish there was a way to configure a ring-buffer within
Wireshark.  I just start dumpcap running and then analyze the most recent
file with Wireshark.  Works great!

As for my question about leaving the -f argument out of the dumpcap command,
well it does seem to capture "everything".

My original command: dumpcap -b files:5 -i 4 -c 16500 -w 915PBLbr0 resulted
in this warning, but still ran: dumpcap: Ring buffer requested, but no
maximum capture file size or duration were specified.

So, my new command is: dumpcap -b duration:1800 files:5 -i 4 -c 5000 -w
915PBLbr0
It is currently collecting.  I think it will cycle to the next file when the
capture reaches 5000 packets or the duration of capture reaches 30 minutes.

Thanks again Phil

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe