Wireshark-users: Re: [Wireshark-users] DUMPCAP Syntax for capturing RTP and UNISTIM packets from
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Fri, 24 Aug 2007 09:29:36 -0400
J P wrote:
> Thanx Jaap!
> DUMPCAP seems to work in my testing so far. Am I correct to assume that I can run two instances of DUMPCAP on two different interfaces at the same time? (I do not have access to my production machine right now)

Yes, it should be fine.

> These are the DUMPCAP commands I am proposing to use to capture UNISTIM and RTP packets, rotating every hour with a max of 1000 files:
>
>     * dumpcap -i 2 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap
>     * dumpcap -i 3 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump.cap

I'd strongly suggest *not* sending the output from each 'dumpcap' to the same file. Rather, create 2 files (e.g., "dump2.cap" and "dump3.cap") and if later you need only one file then use 'mergecap' to merge them.
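
The suggestion above written out as commands, as an added example that is not part of the original message: each dumpcap instance gets its own ring-buffer file set, and mergecap combines one file from each afterwards. It assumes dumpcap and mergecap are on the PATH; the timestamped file names in the mergecap line are constructed to show how ring-buffer files are named.

```batch
rem One output file set per interface, so the two captures never write to the same file.
rem "start" opens each dumpcap in its own window so both run at the same time.
start "capture-if2" dumpcap -i 2 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump2.cap
start "capture-if3" dumpcap -i 3 -f "udp port 5000 or udp portrange 20000-40000" -b files:1000 -b duration:3600 -w c:\dump3.cap

rem With -b, dumpcap inserts a sequence number and the file's start time into each name,
rem e.g. c:\dump2_00001_20070824090000.cap (constructed name, not real output).

rem Later, from another prompt, once that hour's files have been closed:
rem mergecap orders packets from all inputs by timestamp into a single file.
mergecap -w c:\merged_0900.cap c:\dump2_00001_20070824090000.cap c:\dump3_00001_20070824090000.cap
```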