Re: How to create a custom stop trigger on WireShark capture

["j.snelders" <j.snelders () telfort nl>]

Hi,

You can use CACE Pilot.

http://www.cacetech.com/products/cace_pilot.html
<snip>
Watches: Advanced Trigger-Alerting Mechanism
CACE Pilot includes a sophisticated triggering and alerting technology called
?Watches.? It is possible to create a Watch (trigger plus action) on virtually
any View metric and be alerted based on a trigger condition computed on the
metric. For example, the user can be alerted on high bandwidth, slow server
response time, high TCP round-trip time, and so on. When a Watch detects
that a trigger condition has been met, an action will be executed. Actions
include event logging, sending email, and starting a packet capture.
<snip>

You can request a full-featured evaluation copy: 
http://www.cacetech.com/products/CACE_Pilot_eval_request.html

Best regards
Joan
http://www.lovemytool.com/blog/2009/10/review_of_wireshark_and_cace_pilot_by_joke_snelders.html

On Fri, 2 Apr 2010 17:16:46 -0700 Shashank Agarwal wrote:
> Hi all,
> I would like WireShark to keep collecting packets until a proprietary packet
> arrives. Essentially, I want WireShark to stop on a trigger. Is this possible,
> maybe thru a wireshark tool (on Windows)? The triggers that come default
> in WireShark are "Stop Capture after - x packets / x MB / x minutes". 
>
> Thanks

       


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe