Writing DUMPCAP ring buffer file directly to destination

[John Powell <jrp999 () gmail com>]

Hi Everyone,

I am currently running DUMPCAP as a service to capture packets in a high
packet throughput environment.

The command used is:

/usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port
1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b
duration:900 -w /data/eth1.cap


I am experiencing disk IO issues.

I suspect that part of my disk IO issue is due to copying the rotated file
from \tmp to \data

Is there anyway to use Wireshark to write the rotated files directly to the
output directory, bypassing the /tmp and the resulting copy?

Thanks!

-John

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe