Wireshark · Wireshark-users: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces

Wireshark-users: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 di

Date: Thu, 23 Aug 2007 16:50:11 -0600

Thanx Jaap!

DUMPCAP seems to work in my testing so far.

Am I correct to assume that I can run two instances of DUMPCAP on two Different interfaces at the same time? (I do not have access to my production machine right now)

These are the DUMPCAP commands I am proposing to use to capture UNISTIM and RTP packets, rotating every hour with a max of 1000 files:

dumpcap -i 2 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap
dumpcap -i 3 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap

Issues?

Thanx,

John

Follow-Ups:
- Re: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-users] WIN32 AutoStart Configuration for Wireshark
Next by Date: [Wireshark-users] Using TCP-reassembly
Previous by thread: Re: [Wireshark-users] WIN32 AutoStart Configuration for Wireshark
Next by thread: Re: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from 2 different interfaces
Index(es):
- Date
- Thread