Jee Kay wrote:
I'm trying to use tshark to do on a console what I normally do from
the GUI, as I don't want to have to install X on my servers..
What I want to achieve is what I'd get if in the GUI I tick the 'Use
multiple files', 'Next file every 10 minutes' and 'Ring buffer with 6
files'. At the moment I am using this tethereal command line:
tethereal -i eth1 -w rspan.pcap -b duration:600 -b files:6 -s2000 -a
filesize:5000
Are you using 'tshark' or 'tethereal'? It probably makes a difference
(see below).
Couple of questions:
Why do I need -a at all? I don't really want to limit individual file
sizes if I can help it.
I'm not sure about that.
The second problem is the more serious - when the size of the file
hits the -a limit, it suddenly goes crazy and creates thousands of
files (still keeping total number of files to a max of 6), each no
more than a few hundred bytes large. This means the original 5MB file
gets wiped out and the following results are pretty useless.
Does anyone know why that might be happening and how I can stop it?
From that, I'd guess you're using 'tethereal' 0.99.0, in which case
you're running into bug 895:
http://bugs.ethereal.com/bugzilla/show_bug.cgi?id=895
I'd suggest getting Wireshark 0.99.2 (recently released).