Wireshark · Ethereal-dev: Re: [Ethereal-dev] about use the tethereal in ethereal-0.10.6

["Guy Harris" <gharris@xxxxxxxxx>]

Li Haijiang said:
> Now I want to capture packets by using the tethereal command in ringbuffer
> mode.
> eg:tethereal -a filesize:2000 -b 7 -w 0810.
> But I want to add the time parameter to capture packets for 5 minutes.so I
> use the
> command "tethereal -a duration:300 filesize:2000 -b 7 -w 0810".But it
> failed.

You didn't indicate *how* it failed.  When I ran that command, it failed with

    tethereal: Unable to parse capture filter string (parse error).

The problem is that a UNIX command line consists of:

    1) the command name, which is "tethereal";

    2) zero or more command-line flag command arguments, such as "-a
duration:300";

    3) zero or more non-flag command arguments.

A flag argument might take an sub-argument, such as "-a" taking
"duration:300", or it might not, such as "-p" taking no sub-argument at
all.

The first command argument that doesn't begin with "-" and that isn't a
sub-argument to a flag argument is the first non-flag command argument. 
In the command you gave, that's "filesize:2000"; if a flag argument takes
a sub-argument, it takes only *one* sub-argument, so you can't say "-a
duration:300 filesize:200".  You have to say

    tethereal -a duration:300 -a filesize:2000 -b 7 -w 0810