Wireshark mailing list archives

Re: CentOS 6.3 and DUMPCAP -B option

From: John Powell <jrp999 () gmail com>
Date: Wed, 8 Aug 2012 12:12:48 -0600

When I try to start up the service it fails with the following:

/usr/sbin/dumpcap: invalid option -- 'B'
dumpcap: Invalid Option: -B


When I run dumpcap directly with the -B option I get:

[root@stc0034635 ~]# dumpcap -B 2
dumpcap: invalid option -- 'B'
dumpcap: Invalid Option: -B

Usage: dumpcap [options] ...

Capture interface:
  -i <interface>           name or idx of interface (def: first
non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: 65535)
  -p                       don't capture in promiscuous mode
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit
  -S                       print statistics for each interface once every
second
  -M                       for -D, -L, and -S produce machine-readable
output

Stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Output (files):
  -w <filename>            name of file to save (def: tempfile)
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM
files
  -n                       use pcapng format instead of pcap
Miscellaneous:
  -v                       print version information and exit
  -h                       display this help and exit

Example: dumpcap -i eth0 -a duration:60 -w output.pcap
"Capture network packets from interface eth0 until 60s passed into
output.pcap"

Use Ctrl-C to stop capturing at any time.

1.2.15 is old but is the latest version I get with CentOS 6.3.

Thoughts and suggestions are most welcome!

Thanx in advance!!

-John

On Wed, Aug 8, 2012 at 11:51 AM, Michael Tuexen <
Michael.Tuexen () lurchi franken de> wrote:


On Aug 8, 2012, at 7:39 PM, Jeff Morriss wrote:

John Powell wrote:

Hi Everyone,
I am performing a continuous capture of a large IP stream using dumpcap.
I have been told by my users that they are experiencing packet drop.
I am running CentOS 6.3 with:
   * wireshark-1.2.15-2.el6_2.1.x86_64
   * wireshark-gnome-1.2.15-2.el6_2.1.x86_64
   * libpcap-1.0.0-6.20091201git117cb5.el6.x86_64
I found this solution on a Dumpcap man page:
*-B <capture buffer size>*

[...]

but alas this options in not available on my build even though I am

running libpcap 1.0.0-6.

*Any suggestions as to how to utilize the capture buffer size option on

my machine will be greatly appreciated!*


What kind of error are you getting that says "-B" isn't working?  I just

tried it on 6.1 and dumpcap did not complain when I gave it the "-B"
argument.
Not sure, but wireshark 1.2.15 is pretty old. Does it already support the
-B option?

Best regards
Michael

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request () wireshark org

?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

CentOS 6.3 and DUMPCAP -B option John Powell (Aug 08)
- Re: CentOS 6.3 and DUMPCAP -B option Jeff Morriss (Aug 08)
  - Re: CentOS 6.3 and DUMPCAP -B option Michael Tuexen (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option John Powell (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option Guy Harris (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option Jeff Morriss (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option John Powell (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option Jeff Morriss (Aug 08)
    - Re: CentOS 6.3 and DUMPCAP -B option John Powell (Aug 09)
    - Re: CentOS 6.3 and DUMPCAP -B option Jeff Morriss (Aug 09)
    - Re: CentOS 6.3 and DUMPCAP -B option John Powell (Aug 09)