Wireshark mailing list archives

Re: dumpcap -c caveat [Re: Can I get Wireshark to capture constantly, but not count to infinity ?]


From: kevin creason <ckevinj () gmail com>
Date: Thu, 26 Aug 2010 07:00:29 -0500

This thread was very helpful, but it wasn't working for me. It only took
the first -b flag; I had to make the duration/filesize option a "-a" flag
and put only the "files:#" on the -b flag.

I went with the filesize rotation rather than a duration because the files
from the duration of 120 seconds ranged from a few MB to 500 MB on my small
business network. A 500 MB file in Wireshark is not easy to work with!

I want to have several hours' worth to go back and look at, so we'll see how
this will work. Here's my command:

dumpcap -a filesize:6000 -b files:150 -i eth3 -w /var/dumpcap/eth3


-Kevin
/*“ I am looking for a lot of men who have an infinite capacity to not know
what can't be done. ” -- Henry Ford  */



On Tue, Aug 24, 2010 at 7:42 PM, Gregorio Tomas Focaccio <
public.focaccio () gmail com> wrote:

Be aware that the -c argument appears to be absolute and overrides any of
the ring buffer arguments.  My command:

dumpcap -b duration:1800 files:5 -i 4 -c 5000 -w 915PBLbr0

stopped at 5000 packets and did not start writing to the next file.  My new,
and hopefully final, command for capturing all packets seen by the 4th
interface of the dumpcap -D list to a ring buffer of 5 files with a capture
duration of 30 minutes each is:

dumpcap -b duration:1800 files:5 -i 4 -w 915PBLbr0
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe
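
Added example, not part of either message above and not Wireshark project code: a small POSIX shell lint for a dumpcap argument list that flags the two pitfalls the posters report (a criterion with no -a/-b flag of its own, and -c combined with -b) and prints the ring's maximum size. The function name lint_dumpcap is hypothetical, and the kB unit for filesize is an assumption taken from dumpcap's man page, not from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. lint_dumpcap is a hypothetical helper.
# Prints one finding per line; exit status is 1 if any WARN was raised.
lint_dumpcap() (
    prev="" has_c=0 has_ring=0 size="" files="" warn=0
    for arg in "$@"; do
        case "$prev" in
        -c) has_c=1 ;;
        -a|-b)
            if [ "$prev" = "-b" ]; then has_ring=1; fi
            case "$arg" in
            filesize:*) size=${arg#filesize:} ;;
            files:*)    files=${arg#files:} ;;
            esac ;;
        *)
            # Criterion that does not directly follow -a or -b. The thread
            # reports that only the first one after -b took effect.
            case "$arg" in
            duration:*|filesize:*|files:*)
                echo "WARN: '$arg' has no -a/-b flag of its own"; warn=1 ;;
            esac ;;
        esac
        prev=$arg
    done
    # Reported in the thread: -c stopped the capture at the packet count and
    # no next ring-buffer file was written.
    if [ "$has_c" -eq 1 ] && [ "$has_ring" -eq 1 ]; then
        echo "WARN: -c stops the capture and overrides the ring buffer"; warn=1
    fi
    # Upper bound on disk use; filesize is in kB (assumption: dumpcap man page).
    case "$size:$files" in
    *[!0-9:]*|:*|*:) ;;   # missing or non-numeric value: no estimate
    *) echo "INFO: ring holds at most $((size * files)) kB" ;;
    esac
    exit "$warn"
)

# The two commands quoted in the thread, minus the leading "dumpcap":
lint_dumpcap -b duration:1800 files:5 -i 4 -c 5000 -w 915PBLbr0 || true
lint_dumpcap -a filesize:6000 -b files:150 -i eth3 -w /var/dumpcap/eth3
```

For a capture box meant to hold several hours of traffic, the INFO line gives the disk budget to compare against the free space on the capture volume before the job is started.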
