I'm trying to use tshark to do on a console what I normally do from
the GUI, as I don't want to have to install X on my servers..
What I want to achieve is what I'd get if in the GUI I tick the 'Use
multiple files', 'Next file every 10 minutes' and 'Ring buffer with 6
files'. At the moment I am using this tethereal command line:
tethereal -i eth1 -w rspan.pcap -b duration:600 -b files:6 -s2000 -a
filesize:5000
Couple of questions:
Why do I need -a at all? I don't really want to limit individual file
sizes if I can help it.
The second problem is the more serious - when the size of the file
hits the -a limit, it suddenly goes crazy and creates thousands of
files (still keeping total number of files to a max of 6), each no
more than a few hundred bytes large. This means the original 5MB file
gets wiped out and the following results are pretty useless.
Does anyone know why that might be happening and how I can stop it?
Thanks,
Ras