hello
I am running tshark with the "a" and "b" flags to get a ring of 5 files, each of 100 KB of size.
tshark -i eth0 -w my-output-file -a filesize:100 -b files:5
That is working fine but I need to have the capture files in text format, not in pcap format, for easy parsing. This is the only explanation I have for the "w" flag
Output:
-w <outfile|-> set the output filename (or '-' for stdout)
I tried using "-" but it spits the packets in weird characters to the screen.
How can keep the ringbuffer functionalty and have the files in text format?
cheers
jp