Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Two questions about wireshark usage

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 23 Jan 2008 09:18:57 -0500


Robert Smith wrote:
I have two questions about wireshark usage:

1. In the wireshark->capture->options dialog there are possibilities to define multiple capture files and condition when to switch to the next one. For example by size, every 5 MB start to save to new log file. My question is whether the same thing is possible to configure using tshark from command line. As far as I know there is only option -w to specify output file. So how to specify multiple output file using tshark?

See the "-b" option:

     -b  <capture ring buffer option>
         Cause TShark to run in "multiple files" mode.  In
         "multiple files" mode, TShark will write to several
         capture files. When the first capture file fills up,
         TShark will switch writing to the next file and so on.


2. Ia m running wireshark under Linux Ubuntu 7.10 operating system. I don't understand why but the Wireshark -> Preferences -> Protocols tab is empty. I can't click on the plus sign next to word "Protocols" in the Wireshark -> Preferences and open list of available protocols.

I tried to open Wireshark -. Preferences -> Protocols on my WindowsXP computer and there I can see list of protocols (including IEEE 802.11) without any problems. So it seems to me the problem is Ubuntu specific.

Could you advice what might be went wrong?

Hmmm, I don't have any good ideas about that.