Wireshark-users: Re: [Wireshark-users] How to create a custom stop trigger on WireShark capture
Hi,
You can use CACE Pilot.
http://www.cacetech.com/products/cace_pilot.html
<snip>
Watches: Advanced Trigger-Alerting Mechanism
CACE Pilot includes a sophisticated triggering and alerting technology called
?Watches.? It is possible to create a Watch (trigger plus action) on virtually
any View metric and be alerted based on a trigger condition computed on the
metric. For example, the user can be alerted on high bandwidth, slow server
response time, high TCP round-trip time, and so on. When a Watch detects
that a trigger condition has been met, an action will be executed. Actions
include event logging, sending email, and starting a packet capture.
<snip>
You can request a full-featured evaluation copy:
http://www.cacetech.com/products/CACE_Pilot_eval_request.html
Best regards
Joan
http://www.lovemytool.com/blog/2009/10/review_of_wireshark_and_cace_pilot_by_joke_snelders.html
On Fri, 2 Apr 2010 17:16:46 -0700 Shashank Agarwal wrote:
>
>Hi all,
>I would like WireShark to keep collecting packets until a proprietary packet
>arrives. Essentially, I want WireShark to stop on a trigger. Is this possible,
>maybe thru a wireshark tool (on Windows)? The triggers that come default
>in WireShark are "Stop Capture after - x packets / x MB / x minutes".
>
>Thanks