Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Ring buffer

From: "Rick Rambo" <RamboRL@xxxxxxxxxxxxxxx>
Date: Wed, 16 Apr 2008 16:28:53 -0400
Hello

I've looked through the archives and don't seem to see this ring buffer
issue covered.

I am using dumpcap issued with the following command-line;
dumpcap.exe -b filesize:10000 files:2000 -w c:\NetTraffic\.pcap -i
\Device\NPF_{40DB306B-206D-4EF8-BA83-BF0ADDC93F37}

Everything is fine except I now have 2261 files and counting.  When I use
the ring buffer with Wireshark, it works as expected.  Kills the oldest file
and creates a new file, when it reaches the buffer size.  Am I missing
something in the command or is this a dumpcap "idiosyncrasy".

dumpcap version info;
<--snip-->
C:\Program Files\Wireshark>dumpcap -v
Dumpcap 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.6, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804

See http://www.wireshark.org for more information.
</--snip-->

.thanks
.rick..