| Bug ID |
9311
|
| Summary |
Support for writing gzip-compressed files on the fly?
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
unspecified
|
| Hardware |
All
|
| OS |
All
|
| Status |
UNCONFIRMED
|
| Severity |
Enhancement
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
--
In order to save disk space, I compress the capture files from dumpcap:
dumpcap -i <interface> -w - | gzip -9 > some.pcapng.gz
I would like to see dumpcap detecting that a gzipped file is wanted, so I can
run:
dumpcap -i <interface> -w some.pcapng.gz
In the former case, Ctrl + C may lead to truncated packets because gzip is
killed before dumpcap has written all packets. As a workaround, I wrote a
python script that ignores signals until a read/write error occurs.
This idea can also be extended to tshark:
tshark -r foo.pcap.gz -Y http -w filtered.pcapng.gz
Perhaps it can also be used for wireshark, this would save some space in
$TMPDIR.
A possible consideration is the event where more packets are being captured
than can be processed while compressing.
I have not yet looked thoroughly at the code, but if the interfaces are not
unified yet, perhaps it is a good time to do so. While working at this, perhaps
other compression formats can be considered too:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8563
You are receiving this mail because:
- You are watching all bug changes.
