When I try to start up the service it fails with the following:
/usr/sbin/dumpcap: invalid option -- 'B'
dumpcap: Invalid Option: -B
When I run dumpcap directly with the -B option I get:
[root@stc0034635 ~]# dumpcap -B 2
dumpcap: invalid option -- 'B'
dumpcap: Invalid Option: -B
Usage: dumpcap [options] ...
Capture interface:
-i <interface> name or idx of interface (def: first non-loopback)
-f <capture filter> packet filter in libpcap filter syntax
-s <snaplen> packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-y <link type> link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
-S print statistics for each interface once every second
-M for -D, -L, and -S produce machine-readable output
Stop conditions:
-c <packet count> stop after n packets (def: infinite)
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Output (files):
-w <filename> name of file to save (def: tempfile)
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
-n use pcapng format instead of pcap
Miscellaneous:
-v print version information and exit
-h display this help and exit
Example: dumpcap -i eth0 -a duration:60 -w output.pcap
"Capture network packets from interface eth0 until 60s passed into output.pcap"
Use Ctrl-C to stop capturing at any time.
1.2.15 is old but is the latest version I get with CentOS 6.3.
Thoughts and suggestions are most welcome!
Thanx in advance!!
-John
On Wed, Aug 8, 2012 at 11:51 AM, Michael Tuexen
<Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
On Aug 8, 2012, at 7:39 PM, Jeff Morriss wrote:
> John Powell wrote:
>> Hi Everyone,
>> I am performing a continuous capture of a large IP stream using dumpcap.
>> I have been told by my users that they are experiencing packet drop.
>> I am running CentOS 6.3 with:
>> * wireshark-1.2.15-2.el6_2.1.x86_64
>> * wireshark-gnome-1.2.15-2.el6_2.1.x86_64
>> * libpcap-1.0.0-6.20091201git117cb5.el6.x86_64
>> I found this solution on a Dumpcap man page:
>> *-B <capture buffer size>*
> [...]
>> but alas this options in not available on my build even though I am running libpcap 1.0.0-6.
>> *Any suggestions as to how to utilize the capture buffer size option on my machine will be greatly appreciated!*
>
> What kind of error are you getting that says "-B" isn't working? I just tried it on 6.1 and dumpcap did not complain when I gave it the "-B" argument.
Not sure, but wireshark 1.2.15 is pretty old. Does it already support the -B option?
Best regards
Michael