Hi Everyone,
I am using the -B option of Dumpcap with a buffer of 2 MB.
When I read the manpage it creates some questions as to what Dumpcap is actually doing:
-B <capture buffer size>
Set capture buffer size (in MB, default is 1MB). This is used by the the capture driver to buffer packet data until that data can
be written to disk. If you encounter packet drops while capturing, try to increase this size.
Note that, while Dumpcap attempts
to set the buffer size to 1MB by default, and can be told to set it to a larger value, the system or interface on which youâre capturing might silently limit the capture buffer size to a lower value or raise it to a higher value.
This is available on UNIX systems with libpcap 1.0.0 or later and on Windows. It is not available on UNIX systems with earlier
versions of libpcap.
This option can occur multiple times. If used before the first occurrence of the -i option, it sets the default capture buffer
size. If used after an -i option, it sets the capture buffer size for the interface specified by the last -i option occurring
before this option. If the capture buffer size is not set specifically, the default capture buffer size is used if provided.
My question is based on the
RED text above from the Dumpcap manpage and is:
- How can I tell if Dumpcap is successful in setting the buffer size to the requested value and what is the buffer size actually being used?
Thanks in advance for your guidance!
-John
