Wireshark-users: [Wireshark-users] Capture Filter Problem, Part II

From: "Travis Love" <travis.love@xxxxxxxx>
Date: Tue, 30 Oct 2007 16:45:46 -0400
Okay, this is a bit trickier of a question than my last one.  I've been beating my head on this for a couple of weeks, and have almost nothing.  So here goes:

I have a reasonably complex capture filter designed to capture packets from rogue DHCP servers on our network.  However, the boss wants something that will alert the tech using the machine that the filter is running on that he's got to hunt down a rogue.  The only solution I've thought of so far is to use tshark, dumping to a cap file, and have another script running concurrently to check the file every minute or so and alert the user if the size is larger than 0.

There's got to be a better way than that, right?  Any ideas would be very much appreciated.

-Travis
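
An added example, not part of the original post or of Wireshark: rather than polling a capture file for size, tshark's line-buffered field output can be piped into a small script that alerts as each packet arrives. The interface name `eth0`, the stand-in capture filter `udp src port 67`, the allowlist addresses, and the script name are assumptions; with a capture filter that already excludes the legitimate servers, the allowlist can be left empty.

```python
#!/usr/bin/env python3
"""Alert on DHCP server replies from hosts that are not on an allowlist.

Feed it line-buffered tshark output (interface and filter are assumptions):
  tshark -l -n -i eth0 -f "udp src port 67" -T fields -e ip.src -e eth.src \
      | python3 rogue_dhcp_alert.py
"""
import sys

# Assumption: the site's legitimate DHCP servers (constructed addresses).
KNOWN_SERVERS = {"10.0.0.2", "10.0.0.3"}

# Constructed sample of tshark output: tab-separated ip.src and eth.src.
SAMPLE = [
    "10.0.0.2\t00:11:22:33:44:55\n",     # legitimate server, ignored
    "192.168.1.1\tAA:BB:CC:DD:EE:FF\n",  # unknown server, alert
    "192.168.1.1\taa:bb:cc:dd:ee:ff\n",  # same server again, suppressed
    "\t\n",                              # frame with no IPv4 source, skipped
]


def find_rogues(lines, known=KNOWN_SERVERS):
    """Yield (ip, mac) once per non-allowlisted DHCP server seen in lines."""
    seen = set()
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 2 or not fields[0]:
            continue  # malformed line or missing source address
        ip, mac = fields[0], fields[1].lower()
        if ip in known or (ip, mac) in seen:
            continue
        seen.add((ip, mac))
        yield ip, mac


def main():
    # Reading stdin line by line fires each alert as the packet arrives,
    # so no capture file or periodic size check is needed.
    for ip, mac in find_rogues(sys.stdin):
        # \a rings the terminal bell; swap in mail or a desktop notifier.
        print(f"\aROGUE DHCP SERVER: {ip} ({mac})", flush=True)


if __name__ == "__main__":
    main()
```

The `-l` flag makes tshark flush after every packet, which is what lets the alert appear immediately instead of when a pipe buffer fills.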