https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4573
--- Comment #3 from Guy Harris <guy@xxxxxxxxxxxx> 2010-03-19 14:21:28 PDT ---
The UN*X command line conventions, for better or worse, are that a command-line
flag that takes an option takes a single option, so that
-b files:10 filesize:10
does *NOT* mean that the "-b" flag is given the two arguments "files:10" and
"filesize:10". The command line arguments
-i 2 -b files:10 filesize:10 -w filename.pcap
mean:
the "-i" flag is supplied, with the argument "2";
the "-b" flag is supplied, with the argument "files:10";
three non-flag arguments are supplied, namely "filesize:10", "-w", and
"filename.pcap".
This can be confusing, but it's How Things Work On UN*X. You have to say
dumpcap -i 2 -b files:10 -b filesize:10 -w filename.pcap
and, in fact, as you indicate, you've already done that.
On Windows, there are multiple command line conventions:
the old DOS convention, of single-letter options indicated by "/", and with
the argument to the option specified by ":" after the letter and the argument
following the ":", and the VMS^WWindows NT convention, with support for
multiple-letter options;
the UN*X conventions, used mainly by programs that started out on UN*X
(e.g., the arp command).
Even if Wireshark etc. were to use the Windows conventions on Windows, it would
be something such as
dumpcap /i:2 /b:files:10 /b:filesize:10 /w:filename.pcap
So:
you *can* specify more than one ring buffer option, you just have to use a
separate "-b" with each option;
filesize was *not* specified, according to the UN*X command-line
conventions, when you said
dumpcap -i 2 -b files:10 filesize:10 -w filename.pcap
which is why dumpcap complained that it wasn't specified - it *was*
specified when you said
dumpcap -i 2 -b files:10 -b filesize:10 -w filename.pcap
"files" *is* a valid option, you just have to specify a separate "-b
filesize:N" option along with it.
As for tcpdump, it doesn't have a "-b" option that takes multiple different
types of specification, it has separate flags equivalent to "-b files:N" and
"-b filesize:N", namely "-W" and "-C" - it doesn't, for example, support
tcpdump -C 10 10 -w filename.pcap
or
tcpdump -W 10 10 -w filename.pcap
for the same reason that dumpcap (and Wireshark and TShark) don't support
dumpcap -b files:10 filesize:10 -w filename.pcap
Now, perhaps the "-b" flag should also support ",", so that you could say
dumpcap -b files:10,filesize:10 -w filename.pcap
but it will never support
dumpcap -b files:10 filesize:10 -w filename.pcap
And perhaps they should warn about being given incorrect non-option arguments,
so that
dumpcap -b files:10 filesize:10 -w filename.pcap
would warn about that.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
