Wireshark-users: [Wireshark-users] Writing DUMPCAP ring buffer file directly to destination
From: John Powell <jrp999@xxxxxxxxx>
Date: Thu, 13 Dec 2012 10:51:37 -0600
Hi Everyone,

I am currently running DUMPCAP as a service to capture packets in a high packet throughput environment.

The command used is:

/usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b duration:900 -w /data/eth1.cap


I am experiencing disk IO issues.

I suspect that part of my disk IO issue is due to copying the rotated file from \tmp to \data

Is there anyway to use Wireshark to write the rotated files directly to the output directory, bypassing the /tmp and the resulting copy?

Thanks!

-John