
Wireshark-users: Re: [Wireshark-users] problem with ring buffer mode on gentoo

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Wed, 16 Aug 2006 09:23:49 -0400


spax wrote:
Hi,

I am trying to capture with tethereal in ring buffer mode. I tested it first on Debian, where it was working fine like this:

# tethereal -a filesize:5000 -b 10 -i eth1 -w testfile

On Gentoo I can't get it to run. After fulfilling the given criteria of 5000kB, tethereal jumps to the next file BUT ignores the given filesize, which finally looks like this:

ls -la
total 92
drwxr-xr-x  3 root root 20480 Aug 16 14:32 .
drwxr-xr-x  6 root root  4096 Aug 15 13:55 ..
-rw-------  1 root root   143 Aug 16 14:32 testfile_22253_20060816143247
-rw-------  1 root root   108 Aug 16 14:32 testfile_22254_20060816143247
-rw-------  1 root root   112 Aug 16 14:32 testfile_22255_20060816143247
-rw-------  1 root root   171 Aug 16 14:32 testfile_22256_20060816143247
-rw-------  1 root root   122 Aug 16 14:32 testfile_22257_20060816143247
-rw-------  1 root root   122 Aug 16 14:32 testfile_22258_20060816143247
-rw-------  1 root root   126 Aug 16 14:32 testfile_22259_20060816143247
-rw-------  1 root root   574 Aug 16 14:32 testfile_22260_20060816143247
-rw-------  1 root root   143 Aug 16 14:32 testfile_22261_20060816143247
-rw-------  1 root root    24 Aug 16 14:32 testfile_22262_20060816143247

Obviously the 1st 5000kB file was overwritten :). This is the command line used on Gentoo:

# tethereal -a filesize:5000 -b files:10 -i eth1 -w testfile


Is this a bug on Gentoo or is there a mistake in my command line?

./regards
stephan


p.s.: installed version:

tethereal -v
Tethereal 0.99.0

0.99.0 had some bugs in the ring buffer mode:

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=895

Try upgrading to 0.99.2 (Wireshark).