Wireshark-users: Re: [Wireshark-users] ring buffer ?

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Tue, 28 Nov 2006 21:53:48 +0800
Janssens, Kitty wrote:
I'm working with version 0.99.3a on Solaris (see version.txt).
I try to tell wireshark to work with a ring buffer, like this : wireshark -k -w output -b files:10 -b filesize:10 -i /PLAT/data/ss7monitoring/online/k5_0005.pipe -o gui.window_title:"V1.0.60_ProfileID_5" --display=... But this doesn't seem to work. The first file is OK, but then wireshark creates a lot of small files : -rw------- 1 be083074 cc_users 10376 nov 23 2006 output_00001_20061123131915 -rw------- 1 be083074 cc_users 110 nov 23 2006 output_00002_20061123131935 -rw------- 1 be083074 cc_users 144 nov 23 2006 output_00003_20061123131935 -rw------- 1 be083074 cc_users 110 nov 23 2006 output_00004_20061123131935 -rw------- 1 be083074 cc_users 144 nov 23 2006 output_00005_20061123131935 -rw------- 1 be083074 cc_users 24 nov 23 2006 output_00006_20061123131935

I found Bug 895 that seems to describe this problem, but it also says that this is solved in version 0.99.2. Am I doing something wrong or is this bug not fixed in the version I use ??
As you noted, that bug should have been fixed already.

I just tried the current SVN version and didn't see the problem: each output file is about 10k. I don't think anything has changed in this area between 0.99.3 and the current SVN version so I can't explain the behavior you're seeing.