Wireshark · Wireshark-users: Re: [Wireshark-users] tshark or dumpcap ring buffer limitations

Wireshark-users: Re: [Wireshark-users] tshark or dumpcap ring buffer limitations

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Thu, 20 May 2010 13:34:54 -0400

Joseph Laibach wrote:

All,
Iï¿½m running a continuous capture of data. Iï¿½m trying touse a ring buffer of 25000 files with an 8mb file size. The problem isthat the ring buffer starts overwriting after 10000 files. Iï¿½ve tried itwith dumpcap and tshark. The command is using the ï¿½b files:25000 ï¿½bfilesize:8192. Is there a limitation to the size of the ring buffer fordumpcap and/or tshark?

Turns out that if you specify the number of files as 0 thendumpcap/*shark will create an unlimited number of files. I don't knowif that's acceptable or if you really need it to roll over at 25,000,but it's an option.

Follow-Ups:
- Re: [Wireshark-users] tshark or dumpcap ring buffer limitations
  - From: Douglas Ross

References:
- [Wireshark-users] tshark or dumpcap ring buffer limitations
  - From: Joseph Laibach

Prev by Date: Re: [Wireshark-users] Sniffing for multicast traffic
Next by Date: Re: [Wireshark-users] tshark commands
Previous by thread: Re: [Wireshark-users] tshark or dumpcap ring buffer limitations
Next by thread: Re: [Wireshark-users] tshark or dumpcap ring buffer limitations
Index(es):
- Date
- Thread