Great tip!
I've ran tshark at the command line to try to improve performance but
not dumpcap.
Principal Member of Technical Staff
JDSU Communication Test (formerly Acterna)
Emerging Markets and Technology Research
One Milestone Center Court
Germantown, MD 20876
(W) 240-404-2227
(C) 240-499-4750
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Thursday, May 01, 2008 4:59 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Is it possible to
back-uppacketcapturesindefined time interval
On Thu, May 01, 2008 at 04:40:47PM -0400, Chuck Sutherland wrote:
> I use that feature and you will still see out of memory errors! I'm
> still looking for a combination that works well file size wise and
> numbers of files.
Well, wireshark is still statefull, even when using multiple files. That
means that the memory footprint will increase over time. You can use
the utility "dumpcap" which is installed with wireshark to accomplish
what you want.
Have a look at "dumpcap -h" output for all the options, I have used it
like this for months in a row, basically creating a 16GB ringbuffer:
dumpcap -i3 -b files:1024 -b filesize:16384 -w trace.cap
Hope this helps,
Cheers,
Sake
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
