Re: [Wireshark-users] Using multiple files with tshark
On Thu, Mar 01, 2007 at 12:38:01PM -, McGlinchy, Alistair wrote: > While you are there, could you cast your eyes over this extension to > your fix to allow for the "files:value" criteria too. This works but > requires multiple uses of the -b flag (rather than the -b and -a > flags). > > ./tshark -w ~/test.cap -b files:3 -b duration:5 > > Is that what was intended? Yes, I believe so. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Using multiple files with tshark
Stephen Fisher wrote: > This fixes it: > > if (!capture_opts.has_autostop_filesize && > !capture_opts.has_file_duration) { > Excellent. Works a treat. Thanks very much. While you are there, could you cast your eyes over this extension to your fix to allow for the "files:value" criteria too. This works but requires multiple uses of the -b flag (rather than the -b and -a flags). ./tshark -w ~/test.cap -b files:3 -b duration:5 Is that what was intended? if (!capture_opts.has_autostop_filesize && !capture_opts.has_file_duration && !capture_opts.has_ring_num_files) { cmdarg_err("Multiple capture files requested, but " "no capture ring buffer criteria specified."); exit(1); } Cheers Alistair ** Registered Office: Marks and Spencer plc Waterside House 35 North Wharf Road London W2 1NW Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 <> Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. 2005 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Using multiple files with tshark
On Wed, Feb 28, 2007 at 05:11:48PM -, McGlinchy, Alistair wrote: > D:\>tshark -b duration:60 -w test.cap -f http > tshark: Multiple capture files requested, but no maximum capture > file size was specified. > At line 1288 of tshark.c there seems that the command validation only > allows the filesize method of autostopping. > I have naively tweaked this to try to allow for a duration instead but > it makes no difference. > > if (!capture_opts.has_autostop_filesize && > !capture_opts.has_autostop_duration ) { You got very close to fixing it. However, you are testing the autostop_duration variable (which is set when using -a) and not the ring-buffer duration variable (capture_opts.has_file_duration). This fixes it: if (!capture_opts.has_autostop_filesize && !capture_opts.has_file_duration) { I have checked this fix into the SVN repository as revision 20950. You can either fix your local source manually or download the latest developer source code/Windows binaries from http://downloads.wireshark.org/download/automated/ in a few hours. Thanks for bringing it to our attention! Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] Using multiple files with tshark
Hello, I have been trying to get the tshark to save files ever 60 seconds but I get a unexpected error both in Linux and Windows. D:\>tshark -b duration:60 -w test.cap -f http tshark: Multiple capture files requested, but no maximum capture file size was specified. D:\>tshark -v TShark 0.99.4 (SVN Rev 19757) Copyright 1998-2006 Gerald Combs <[EMAIL PROTECTED]> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.6.6, with WinPcap (version unknown), with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1, with GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos. Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x]. Built using Microsoft Visual C++ 6.0 build 8804 Reviewing the archives I see that someone else had the same problem, but this was not fixed in 0.94 or 0.95 as the response suggests http://www.wireshark.org/lists/wireshark-users/200701/msg01139.html I've had a quick look at the code and I can see the specific problem. At line 1288 of tshark.c there seems that the command validation only allows the filesize method of autostopping. if (!capture_opts.has_autostop_filesize) { cmdarg_err("Multiple capture files requested, but " "no maximum capture file size was specified."); exit(1); } I have naively tweaked this to try to allow for a duration instead but it makes no difference. if (!capture_opts.has_autostop_filesize && !capture_opts.has_autostop_duration ) { cmdarg_err("Multiple capture files requested, but " "no maximum capture file size was specified."); exit(1); } >From scanning the code it appears the functionality is all there, its just that the argument parsing is not working. Does anybody with more c-foo than me know how to fix this? Cheers Alistair ** Registered Office: Marks and Spencer plc Waterside House 35 North Wharf Road London W2 1NW Registered No. 214436 in England and Wales. Telephone (020) 7935 4422 Facsimile (020) 7487 2670 <> Please note that electronic mail may be monitored. This e-mail is confidential. If you received it by mistake, please let us know and then delete it from your system; you should not copy, disclose, or distribute its contents to anyone nor act in reliance on this e-mail, as this is prohibited and may be unlawful. 2005 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users