Clarification of DUMPCAP -B option

[John Powell <jrp999 () gmail com>]

Hi Everyone,

I am using the -B option of Dumpcap with a buffer of 2 MB.

When I read the manpage it creates some questions as to what Dumpcap is
actually doing:

       -B  <capture buffer size>
           Set capture buffer size (in MB, default is 1MB).  This is used
by the the capture driver to buffer packet data until that data can
           be written to disk.  If you encounter packet drops while
capturing, try to increase this size.  Note that, while Dumpcap attempts
           to set the buffer size to 1MB by default, and can be told to set
it to a larger value, the system or interface on which youâre
           capturing might silently limit the capture buffer size to a
lower value or raise it to a higher value.

           This is available on UNIX systems with libpcap 1.0.0 or later
and on Windows.  It is not available on UNIX systems with earlier
           versions of libpcap.

           This option can occur multiple times. If used before the first
occurrence of the -i option, it sets the default capture buffer
           size.  If used after an -i option, it sets the capture buffer
size for the interface specified by the last -i option occurring
           before this option. If the capture buffer size is not set
specifically, the default capture buffer size is used if provided.

My question is based on the RED text above from the Dumpcap manpage and is:


   - *How can I tell if Dumpcap is successful in setting the buffer size to
   the requested value and what is the buffer size actually being used?*


Thanks in advance for your guidance!

-John

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe