Wireshark-users: Re: [Wireshark-users] ring buffer ?
From: "Janssens, Kitty" <Kitty.Janssens@xxxxxxxxxxx>
Date: Thu, 30 Nov 2006 14:31:56 +0100
By the way, if I use duration as stop condition (e.g. 10 files, switch to the next one every minute) then it works. But when I add the "-b files" option, it goes wrong. -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Janssens, Kitty Sent: donderdag 30 november 2006 14:20 To: Community support list for Wireshark Subject: Re: [Wireshark-users] ring buffer ? Hello Mr. Morriss, I've just tried capturing (without using a named pipe or any of my software) directly on a link, by setting the multiple files option in the "capture options" menu. The result is the same : 1st file is OK, the next ones are 1 message each. Did you do your test on solaris ? Or doesn't that have any influence ? Kitty -----Original Message----- From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss Sent: dinsdag 28 november 2006 14:54 To: Community support list for Wireshark Subject: Re: [Wireshark-users] ring buffer ? Janssens, Kitty wrote: > I'm working with version 0.99.3a on Solaris (see version.txt). > > I try to tell wireshark to work with a ring buffer, like this : > > wireshark -k -w output -b files:10 -b filesize:10 -i > /PLAT/data/ss7monitoring/online/k5_0005.pipe -o > gui.window_title:"V1.0.60_ProfileID_5" --display=... > But this doesn't seem to work. The first file is OK, but then > wireshark creates a lot of small files : > > -rw------- 1 be083074 cc_users 10376 nov 23 2006 > output_00001_20061123131915 > -rw------- 1 be083074 cc_users 110 nov 23 2006 > output_00002_20061123131935 > -rw------- 1 be083074 cc_users 144 nov 23 2006 > output_00003_20061123131935 > -rw------- 1 be083074 cc_users 110 nov 23 2006 > output_00004_20061123131935 > -rw------- 1 be083074 cc_users 144 nov 23 2006 > output_00005_20061123131935 > -rw------- 1 be083074 cc_users 24 nov 23 2006 > output_00006_20061123131935 > > > I found Bug 895 that seems to describe this problem, but it also says > that this is solved in version 0.99.2. > > Am I doing something wrong or is this bug not fixed in the version I > use ?? As you noted, that bug should have been fixed already. I just tried the current SVN version and didn't see the problem: each output file is about 10k. I don't think anything has changed in this area between 0.99.3 and the current SVN version so I can't explain the behavior you're seeing. _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users _______________________________________________ Wireshark-users mailing list Wireshark-users@xxxxxxxxxxxxx http://www.wireshark.org/mailman/listinfo/wireshark-users
- References:
- Re: [Wireshark-users] ring buffer ?
- From: Janssens, Kitty
- Re: [Wireshark-users] ring buffer ?
- Prev by Date: Re: [Wireshark-users] ring buffer ?
- Previous by thread: Re: [Wireshark-users] ring buffer ?
- Next by thread: [Wireshark-users] SMB_NETLOGON Draft
- Index(es):