Wireshark-users: Re: [Wireshark-users] Is it possible to back-up packet captures in defined time interval



From: "Barry Constantine" <Barry.Constantine@xxxxxxxx>
Date: Thu, 1 May 2008 14:54:44 -0700

Great tip!

I've run tshark at the command line to try to improve performance, but
not dumpcap.



Principal Member of Technical Staff
 
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 240-499-4750
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Thursday, May 01, 2008 4:59 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Is it possible to
back-uppacketcapturesindefined time interval

On Thu, May 01, 2008 at 04:40:47PM -0400, Chuck Sutherland wrote:
> I use that feature and you will still see out of memory errors! I'm 
> still looking for a combination that works well file size wise and 
> numbers of files.

Well, wireshark is still stateful, even when using multiple files. That
means that the memory footprint will increase over time. You can use
the utility "dumpcap" which is installed with wireshark to accomplish
what you want.

Have a look at the "dumpcap -h" output for all the options. I have used it
like this for months in a row, basically creating a 16GB ringbuffer:

dumpcap -i3 -b files:1024 -b filesize:16384 -w trace.cap

Hope this helps,
Cheers,
     Sake
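
An added example, not part of the original thread: once a dumpcap ring buffer like the one above is running, backing up a defined time interval means finding which ring files cover it before they are overwritten. It assumes dumpcap's multi-file naming (the `-w` name with a sequence number and start timestamp inserted, e.g. `trace_00001_20080501145444.cap`); the function names and the file listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the dumpcap ring-buffer files that cover a time window.
# Assumes multi-file names of the form <base>_<seq>_<YYYYMMDDHHMMSS>.<ext>.

# Constructed sample listing (not from a real capture host).
sample_ring_listing() {
cat <<'EOF'
trace_00010_20080501153500.cap
trace_00007_20080501140000.cap
notes.txt
trace_00009_20080501150205.cap
trace_00008_20080501143010.cap
EOF
}

# ring_files_for_window START END   (hypothetical helper name)
# Reads file names on stdin; START and END are YYYYMMDDHHMMSS in the capture
# host's local time. Prints, oldest first, each file whose span overlaps
# [START, END]. A file spans from its own timestamp to the next file's.
ring_files_for_window() {
    sed -n 's/^.*_[0-9][0-9]*_\([0-9]\{14\}\)\.[^.]*$/\1 &/p' |
    sort |
    awk -v a="$1" -v b="$2" '
        { ts = substr($0, 1, 14) + 0; name = substr($0, 16) }
        # The previous file was closed when this one started.
        NR > 1 && prev_ts <= b && ts > a { print prev_name }
        { prev_ts = ts; prev_name = name }
        # The newest file is still being written, so it has no end yet.
        END { if (NR > 0 && prev_ts <= b) print prev_name }
    '
}

# Demo: files needed for 14:45:00 to 15:10:00 on 2008-05-01.
sample_ring_listing | ring_files_for_window 20080501144500 20080501151000
```

On a capture host, feed the function a listing of the capture directory and copy the files it prints to backup storage; the newest file is still open for writing, so copy it again after dumpcap rotates.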