On Thu, May 01, 2008 at 04:40:47PM -0400, Chuck Sutherland wrote:
> I use that feature and you will still see out of memory errors! I'm
> still looking for a combination that works well file size wise and
> numbers of files.
Well, wireshark is still statefull, even when using multiple files. That
means that the memory footprint will increase over time. You can use
the utility "dumpcap" which is installed with wireshark to accomplish
what you want.
Have a look at "dumpcap -h" output for all the options, I have used it
like this for months in a row, basically creating a 16GB ringbuffer:
dumpcap -i3 -b files:1024 -b filesize:16384 -w trace.cap
Hope this helps,
Cheers,
Sake