Revision history [back]

Revision 2

updated 2019-09-11 21:24:08 +0000

Hi Billy,

As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:

tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'

This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds. This is the listing I get for the above command:

PS C:\> ls C:\TEMP


    Directory: C:\TEMP


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/11/2019   2:20 PM            348 User_00001_20190911142016
-a----        9/11/2019   2:20 PM            348 User_00002_20190911142021
-a----        9/11/2019   2:20 PM          21188 User_00003_20190911142028
-a----        9/11/2019   2:20 PM            920 User_00004_20190911142034
-a----        9/11/2019   2:20 PM           7936 User_00005_20190911142039

Revision 1

Ross Jacobs

answered 2019-09-11 21:22:47 +0000

Hi Billy,

As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:

~~bash tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'~~

 This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds. 
This is the listing I get for the above command:
 ```powershell
PS C:> ls C:\TEMP
 PS C:\> ls C:\TEMP


    Directory: C:\TEMP

Mode LastWriteTime Length Name ---- ------------- ------ ---- -a---- 9/11/2019 2:20 PM 348 User_00001_20190911142016 -a---- 9/11/2019 2:20 PM 348 User_00002_20190911142021 -a---- 9/11/2019 2:20 PM 21188 User_00003_20190911142028 -a---- 9/11/2019 2:20 PM 920 User_00004_20190911142034 -a---- 9/11/2019 2:20 PM 7936 User_00005_20190911142039 ```