Hello,
I don't need to wish there was a way to configure a ring-buffer within Wireshark. I just start dumpcap running and then analyze the most recent file with Wireshark. Works great!
As for my question about leaving the -f argument out of the dumpcap command, well it does seem to capture "everything".
My original command: dumpcap -b files:5 -i 4 -c 16500 -w 915PBLbr0 resulted in this warning, but still ran: dumpcap: Ring buffer requested, but no maximum capture file size or duration were specified.
So, my new command is: dumpcap -b duration:1800 files:5 -i 4 -c 5000 -w 915PBLbr0
It is currently collecting. I think it will cycle to the next file when the capture reaches 5000 packets or the duration of capture reaches 30 minutes.
Thanks again Phil
