Re: [Wireshark-users] Using multiple files with tshark
On Thu, Mar 01, 2007 at 12:38:01PM -, McGlinchy, Alistair wrote: > While you are there, could you cast your eyes over this extension to > your fix to allow for the "files:value" criteria too. This works but > requires multiple uses of the -b flag (rather than the -b and -a > flags). > > ./tshark -w ~/test.cap -b files:3 -b duration:5 > > Is that what was intended? Yes, I believe so. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Using multiple files with tshark
Stephen Fisher wrote:
> This fixes it:
>
> if (!capture_opts.has_autostop_filesize &&
> !capture_opts.has_file_duration) {
>
Excellent. Works a treat. Thanks very much. While you are there, could
you cast your eyes over this extension to your fix to allow for the
"files:value" criteria too. This works but requires multiple uses of
the -b flag (rather than the -b and -a flags).
./tshark -w ~/test.cap -b files:3 -b duration:5
Is that what was intended?
if (!capture_opts.has_autostop_filesize &&
!capture_opts.has_file_duration &&
!capture_opts.has_ring_num_files) {
cmdarg_err("Multiple capture files requested, but "
"no capture ring buffer criteria specified.");
exit(1);
}
Cheers
Alistair
**
Registered Office:
Marks and Spencer plc
Waterside House
35 North Wharf Road
London
W2 1NW
Registered No. 214436 in England and Wales.
Telephone (020) 7935 4422
Facsimile (020) 7487 2670
<>
Please note that electronic mail may be monitored.
This e-mail is confidential. If you received it by mistake, please let us know
and then delete it from your system; you should not copy, disclose, or
distribute its contents to anyone nor act in reliance on this e-mail, as this
is prohibited and may be unlawful.
2005
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Using multiple files with tshark
On Wed, Feb 28, 2007 at 05:11:48PM -, McGlinchy, Alistair wrote:
> D:\>tshark -b duration:60 -w test.cap -f http
> tshark: Multiple capture files requested, but no maximum capture
> file size was specified.
> At line 1288 of tshark.c there seems that the command validation only
> allows the filesize method of autostopping.
> I have naively tweaked this to try to allow for a duration instead but
> it makes no difference.
>
> if (!capture_opts.has_autostop_filesize &&
> !capture_opts.has_autostop_duration ) {
You got very close to fixing it. However, you are testing the
autostop_duration variable (which is set when using -a) and not the
ring-buffer duration variable (capture_opts.has_file_duration). This
fixes it:
if (!capture_opts.has_autostop_filesize &&
!capture_opts.has_file_duration) {
I have checked this fix into the SVN repository as revision 20950. You
can either fix your local source manually or download the latest
developer source code/Windows binaries from
http://downloads.wireshark.org/download/automated/ in a few hours.
Thanks for bringing it to our attention!
Steve
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] Using multiple files with tshark
Hello,
I have been trying to get the tshark to save files ever 60 seconds but I
get a unexpected error both in Linux and Windows.
D:\>tshark -b duration:60 -w test.cap -f http
tshark: Multiple capture files requested, but no maximum capture
file size was specified.
D:\>tshark -v
TShark 0.99.4 (SVN Rev 19757)
Copyright 1998-2006 Gerald Combs <[EMAIL PROTECTED]> and
contributors.
This is free software; see the source for copying conditions.
There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with
libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1, with
GnuTLS 1.5.1,
with Gcrypt 1.2.3, with MIT Kerberos.
Running on Windows XP Service Pack 2, build 2600, with WinPcap
version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version
0.9[.x].
Built using Microsoft Visual C++ 6.0 build 8804
Reviewing the archives I see that someone else had the same problem, but
this was not fixed in 0.94 or 0.95 as the response suggests
http://www.wireshark.org/lists/wireshark-users/200701/msg01139.html
I've had a quick look at the code and I can see the specific problem.
At line 1288 of tshark.c there seems that the command validation only
allows the filesize method of autostopping.
if (!capture_opts.has_autostop_filesize) {
cmdarg_err("Multiple capture files requested, but "
"no maximum capture file size was specified.");
exit(1);
}
I have naively tweaked this to try to allow for a duration instead but
it makes no difference.
if (!capture_opts.has_autostop_filesize &&
!capture_opts.has_autostop_duration ) {
cmdarg_err("Multiple capture files requested, but "
"no maximum capture file size was specified.");
exit(1);
}
>From scanning the code it appears the functionality is all there, its
just that the argument parsing is not working. Does anybody with more
c-foo than me know how to fix this?
Cheers
Alistair
**
Registered Office:
Marks and Spencer plc
Waterside House
35 North Wharf Road
London
W2 1NW
Registered No. 214436 in England and Wales.
Telephone (020) 7935 4422
Facsimile (020) 7487 2670
<>
Please note that electronic mail may be monitored.
This e-mail is confidential. If you received it by mistake, please let us know
and then delete it from your system; you should not copy, disclose, or
distribute its contents to anyone nor act in reliance on this e-mail, as this
is prohibited and may be unlawful.
2005
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
