Wireshark · Wireshark-users: Re: [Wireshark-users] How can I run tshark for days at a time without running out of disk space?

Wireshark-users: Re: [Wireshark-users] How can I run tshark for days at a time without running ou

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 25 Jul 2008 10:40:52 -0700


On Jul 24, 2008, at 10:10 AM, Marc MERLIN wrote:

I'm currently running tshark like this:
tshark -n -V -l -i eth1 port nfs and host 172.28.80.41 | myscript

I need this to run for days and days.

Tshark however seems to capture to /tmp/etherXXXXjRZvbB with dumpcap

It shouldn't be doing that if tshark isn't run with the -w flag; itshould, instead, tell dumpcap to write the capture to a pipe, and readfrom the pipe, so that it doesn't waste disk space on packets thatwill be read once to dissect them and never read again. See bug 2743,which I just filed.

References:
- [Wireshark-users] how can I see all readdirplus file entries with -T fields?
  - From: Marc MERLIN
- [Wireshark-users] How can I run tshark for days at a time without running out of disk space?
  - From: Marc MERLIN

Prev by Date: Re: [Wireshark-users] How can I run tshark for days at a time without running out of disk space?
Next by Date: [Wireshark-users] PSH/ACK in all packets
Previous by thread: Re: [Wireshark-users] How can I run tshark for days at a time without running out of disk space?
Next by thread: [Wireshark-users] Unsatisfied Symbols while building wireshark
Index(es):
- Date
- Thread