Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-dev: [Wireshark-dev] explicitly stop capture with Tshark

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Joshua (Shiwei) Zhao" <swzhao@xxxxxxxxx>
Date: Tue, 3 Feb 2009 15:53:51 -0800

I know that with tshark we can preset an autostop parameter (a duration or number of captured packets). However, if our target capture is quite dynamic, is there a way to nicely and explicitly stop the capture? We can kill the process but many times the capture buffer couldn't be correctly flushed into a file before it's killed.

Is it possible to do sth like:

tshrk -start XXXXX

............

tshark -stop XXXX

I understand there must be good reason why tshark didn't have that option. But is it possible? Can we get something working similar to that?

We like to use it on both windows and linux.

Many thanks,

Joshua

Follow-Ups:
- Re: [Wireshark-dev] explicitly stop capture with Tshark
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Tips on using ETT for variable sized data
Next by Date: Re: [Wireshark-dev] explicitly stop capture with Tshark
Previous by thread: Re: [Wireshark-dev] Tips on using ETT for variable sized data
Next by thread: Re: [Wireshark-dev] explicitly stop capture with Tshark
Index(es):
- Date
- Thread