Wireshark · Wireshark-users: [Wireshark-users] Writing DUMPCAP ring buffer file directly to destination

Wireshark-users: [Wireshark-users] Writing DUMPCAP ring buffer file directly to destination

From: John Powell <jrp999@xxxxxxxxx>

Date: Thu, 13 Dec 2012 10:51:37 -0600

Hi Everyone,

I am currently running DUMPCAP as a service to capture packets in a high packet throughput environment.

The command used is:

/usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b duration:900 -w /data/eth1.cap

I am experiencing disk IO issues.

I suspect that part of my disk IO issue is due to copying the rotated file from \tmp to \data

Is there anyway to use Wireshark to write the rotated files directly to the output directory, bypassing the /tmp and the resulting copy?

Thanks!

-John

Follow-Ups:
- Re: [Wireshark-users] Writing DUMPCAP ring buffer file directly to destination
  - From: Guy Harris

Prev by Date: [Wireshark-users] tshark: How to capture SNMP traps (UDP port 162) that might be fragmented?
Next by Date: Re: [Wireshark-users] Experiencing Packet Loss in High Volume Packet Capture Application using DUMPCAP
Previous by thread: Re: [Wireshark-users] tshark: How to capture SNMP traps (UDP port 162) that might be fragmented?
Next by thread: Re: [Wireshark-users] Writing DUMPCAP ring buffer file directly to destination
Index(es):
- Date
- Thread