Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 di

From: "J P" <jrp999@xxxxxxxxx>
Date: Thu, 23 Aug 2007 16:50:11 -0600
Thanx Jaap!
 
DUMPCAP seems to work in my testing so far.
 
Am I correct to assume that I can run two instances of DUMPCAP on two Different interfaces at the same time?  (I do not have access to my production machine right now)
 
These are the DUMPCAP commands I am proposing to use to capture UNISTIM and RTP packets, rotating every hour with a max of 1000 files:
  • dumpcap -i 2 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap
  • dumpcap -i 3 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap
 
Issues?
 
Thanx,
 
John