I'm working with
version 0.99.3a on Solaris (see version.txt).
I try to tell
wireshark to work with a ring buffer, like this :
wireshark -k -w
output -b files:10 -b filesize:10 -i
/PLAT/data/ss7monitoring/online/k5_0005.pipe -o
gui.window_title:"V1.0.60_ProfileID_5" --display=...
But this doesn't seem to work. The first file is OK,
but then wireshark creates a lot of small files :
-rw------- 1 be083074 cc_users
10376 nov 23 2006 output_00001_20061123131915
-rw------- 1
be083074 cc_users 110 nov 23 2006
output_00002_20061123131935
-rw------- 1 be083074
cc_users 144 nov 23 2006
output_00003_20061123131935
-rw------- 1 be083074
cc_users 110 nov 23 2006
output_00004_20061123131935
-rw------- 1 be083074
cc_users 144 nov 23 2006
output_00005_20061123131935
-rw------- 1 be083074
cc_users 24 nov 23 2006
output_00006_20061123131935
I found Bug 895 that
seems to describe this problem, but it also says that this is solved in version
0.99.2.
Am I doing something
wrong or is this bug not fixed in the version I use ??
Best regards,
Kitty
Version 0.99.3a
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.1.0, with GLib 2.0.7, with libpcap 0.9.4, with libz 1.2.3,
without libpcre, without UCD-SNMP or Net-SNMP, without ADNS, without Lua.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running with libpcap version 0.9.4 on SunOS 5.9.
Wireshark is Open Source Software released under the GNU General Public License.
Check the man page and http://www.wireshark.org for more information.