Wireshark-users: [Wireshark-users] ring buffer ?
From: "Janssens, Kitty" <Kitty.Janssens@xxxxxxxxxxx>
Date: Mon, 27 Nov 2006 13:16:51 +0100
I'm working with version 0.99.3a on Solaris (see version.txt).
 
I try to tell wireshark to work with a ring buffer, like this :
 
wireshark -k -w output -b files:10 -b filesize:10 -i /PLAT/data/ss7monitoring/online/k5_0005.pipe -o gui.window_title:"V1.0.60_ProfileID_5" --display=...
But this doesn't seem to work. The first file is OK, but then wireshark creates a lot of small files :
 
-rw-------   1 be083074 cc_users   10376 nov 23  2006 output_00001_20061123131915
-rw-------   1 be083074 cc_users     110 nov 23  2006 output_00002_20061123131935
-rw-------   1 be083074 cc_users     144 nov 23  2006 output_00003_20061123131935
-rw-------   1 be083074 cc_users     110 nov 23  2006 output_00004_20061123131935
-rw-------   1 be083074 cc_users     144 nov 23  2006 output_00005_20061123131935
-rw-------   1 be083074 cc_users      24 nov 23  2006 output_00006_20061123131935

 
I found Bug 895 that seems to describe this problem, but it also says that this is solved in version 0.99.2.
 
Am I doing something wrong or is this bug not fixed in the version I use ??
 
 
Best regards,
 
Kitty
Version 0.99.3a

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.1.0, with GLib 2.0.7, with libpcap 0.9.4, with libz 1.2.3,
without libpcre, without UCD-SNMP or Net-SNMP, without ADNS, without Lua.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running with libpcap version 0.9.4 on SunOS 5.9.

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.