ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 4573] dumpcap ring buffer options do not assert

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 19 Mar 2010 22:38:16 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4573

Jim Young <jyoung@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jyoung@xxxxxxx

--- Comment #5 from Jim Young <jyoung@xxxxxxx> 2010-03-19 22:38:14 PDT ---
Hello Chad,

Using your example #1 did you actually look (using dir or ls) at the files in
the directory after you exited dumpcap?  

Unlike some other applications' notion of "ring buffers", dumpcap does not
reuse the same filenames.  Each pcap file has a unique name.

But dumpcap itself does attempt to delete the earlier trace files.

Here's my results using your example #1:

> ~/ringtest $ dumpcap -i 2 -b files:10 -b filesize:10 -w filename.pcap
> File: filename_00001_20100320011351.pcap
> Packets: 9 File: filename_00002_20100320011436.pcap
> Packets: 19 File: filename_00003_20100320011441.pcap
> Packets: 29 File: filename_00004_20100320011446.pcap
> Packets: 39 File: filename_00005_20100320011456.pcap
> Packets: 49 File: filename_00006_20100320011501.pcap
> Packets: 58 File: filename_00007_20100320011503.pcap
> Packets: 68 File: filename_00008_20100320011508.pcap
> Packets: 78 File: filename_00009_20100320011513.pcap
> Packets: 88 File: filename_00010_20100320011518.pcap
> Packets: 97 File: filename_00011_20100320011522.pcap
> Packets: 107 File: filename_00012_20100320011525.pcap
> Packets: 117 File: filename_00013_20100320011530.pcap
> Packets: 127 File: filename_00014_20100320011535.pcap
> Packets: 137 File: filename_00015_20100320011540.pcap
> Packets: 146 File: filename_00016_20100320011543.pcap
> Packets: 156 File: filename_00017_20100320011548.pcap
> Packets: 166 File: filename_00018_20100320011553.pcap
> Packets: 187 File: filename_00019_20100320011556.pcap
> Packets: 199 File: filename_00020_20100320011601.pcap
> Packets: 213 File: filename_00021_20100320011604.pcap
> Packets: 219 Packets dropped: 0
> 
> ~/ringtest $ ls -1
> filename_00012_20100320011525.pcap
> filename_00013_20100320011530.pcap
> filename_00014_20100320011535.pcap
> filename_00015_20100320011540.pcap
> filename_00016_20100320011543.pcap
> filename_00017_20100320011548.pcap
> filename_00018_20100320011553.pcap
> filename_00019_20100320011556.pcap
> filename_00020_20100320011601.pcap
> filename_00021_20100320011604.pcap
> 
> ~/ringtest $

So while dumpcap actually generated 21 unique pcap files only the 10 most
recently generated files are still around.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube