[Senthil Kumar S <senthilkumar.s@xxxxxxxxxx>]

Hi All,

 

I have an automation requirement, that needs tshark to be stoped upon meeting certain condition.

 

From the tshark man pages, I found that stopping condition can be applied with rrespect to duration, files, file size and multiple files mode.

 

Is there any stopping condition I can apply through capture filter so that tshark stops capturing.

 

ex: Upon receiving a TCP SYN packet (condition applied in capture filter), tshark stops capturing.

 

Please let me know any option like this is available.

 

Regards,
Senthil kumar

 

 

 

---

SASKEN BUSINESS DISCLAIMER: This message may contain confidential, proprietary or legally privileged information. In case you are not the original intended Recipient of the message, you must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message and you are requested to delete it and inform the sender. Any views expressed in this message are those of the individual sender unless otherwise stated. Nothing contained in this message shall be construed as an offer or acceptance of any offer by Sasken Communication Technologies Limited ("Sasken") unless sent with that express intent and with due authority of Sasken. Sasken has taken enough precautions to prevent the spread of viruses. However the company accepts no liability for any damage caused by any virus transmitted by this email.
Read Disclaimer at http://www.sasken.com/extras/mail_disclaimer.html