Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] ring buffer ?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Janssens, Kitty" <Kitty.Janssens@xxxxxxxxxxx>
Date: Thu, 30 Nov 2006 14:31:56 +0100
By the way, if I use duration as stop condition (e.g. 10 files, switch
to the next one every minute) then it works. But when I add the "-b
files" option, it goes wrong.
 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Janssens,
Kitty
Sent: donderdag 30 november 2006 14:20
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] ring buffer ?

Hello  Mr. Morriss,

I've just tried capturing (without using a named pipe or any of my
software) directly on a link, by setting the multiple files option in
the "capture options" menu.
The result is the same : 1st file is OK, the next ones are 1 message
each.
Did you do your test on solaris ? Or doesn't that have any influence ?

Kitty

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss
Sent: dinsdag 28 november 2006 14:54
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] ring buffer ?

Janssens, Kitty wrote:
> I'm working with version 0.99.3a on Solaris (see version.txt).
>  
> I try to tell wireshark to work with a ring buffer, like this :
>  
> wireshark -k -w output -b files:10 -b filesize:10 -i 
> /PLAT/data/ss7monitoring/online/k5_0005.pipe -o 
> gui.window_title:"V1.0.60_ProfileID_5" --display=...
> But this doesn't seem to work. The first file is OK, but then 
> wireshark creates a lot of small files :
>  
> -rw-------   1 be083074 cc_users   10376 nov 23  2006 
> output_00001_20061123131915
> -rw-------   1 be083074 cc_users     110 nov 23  2006 
> output_00002_20061123131935
> -rw-------   1 be083074 cc_users     144 nov 23  2006 
> output_00003_20061123131935
> -rw-------   1 be083074 cc_users     110 nov 23  2006 
> output_00004_20061123131935
> -rw-------   1 be083074 cc_users     144 nov 23  2006 
> output_00005_20061123131935
> -rw-------   1 be083074 cc_users      24 nov 23  2006 
> output_00006_20061123131935
>
>  
> I found Bug 895 that seems to describe this problem, but it also says 
> that this is solved in version 0.99.2.
>  
> Am I doing something wrong or is this bug not fixed in the version I 
> use ??
As you noted, that bug should have been fixed already.

I just tried the current SVN version and didn't see the problem: each 
output file is about 10k.  I don't think anything has changed in this 
area between 0.99.3 and the current SVN version so I can't explain the 
behavior you're seeing.

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube