Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Tethereal ring capture file with 0 bytes

From: "Tiago Gomes da Silva Mendo" <tiago-g-mendo@xxxxxxxxxx>
Date: Tue, 14 Nov 2006 12:10:32 -0000
Hi
 
i'm using tethereal with this command line:
 
\_ supervise sonda-tethereal
 1872 ?        SN     0:01  |   \_ /usr/bin/tethereal -n -q -w /var/sonda/caps/current/1163502308_cap -a filesize:51200 -b 0:600 -i eth0 ip proto \tcp and (host ip1 or host ip2 or host ip3 (etc) ) or arp
 
the problem is that when there's no packets matching the capture file is wrote with 0 bytes instead of the normal file with 24 bytes and zero packets.
 
 
# dpkg -l tethereal* libpcap*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                                   Version                                Description
+++-======================================-======================================-============================================================================================
ii  tethereal                              0.10.10-2sarge9                        network traffic analyzer (console)
un  libpcap-dev                            <none>                                 (no description available)
un  libpcap-ruby                           <none>                                 (no description available)
un  libpcap-ruby1.6                        <none>                                 (no description available)
ii  libpcap-ruby1.8                        0.6-5                                  libpcap interface for scripting language Ruby 1.8
ii  libpcap0.7                             0.7.2-7                                System interface for user-level packet capture
un  libpcap0.7-dev                         <none>                                 (no description available)
ii  libpcap0.8                             0.8.3-5                                System interface for user-level packet capture
pn  libpcap0.8-dev                         <none>                                 (no description available)
#
 
# uname -a
Linux pulso-dc-041 2.6.10power-edge-2850-750 #1 SMP Fri Feb 25 10:36:50 WET 2005 i686 GNU/Linux
#
 
any ideas?

 

 

Tiago Gomes da Silva Mendo

e-mail: tiago.g.mendo@xxxxxxxxxx
PT Comunicações/DRI/RTS (Direcção de Risco Técnico e Segurança)


Urbanização Tagus Park Lote 35 Torre 3 Piso 0
2784-549 Porto Salvo
Tel: +351 21 501 9147