Why does "tshark -b packets:value" not work?

tshark
retag add tags

Hello，experts

    On Windows 10, using tshark, why does "tshark -b packets:value" not work?

    "tshark -b packets:1000 -w test.pcapng"  or  "tshark -b packets:1000 -b files:3 -w test.pcapng"
    tshark: Multiple capture files requested, but no maximum capture file size, duration or interval was specified.

    tshark version
    TShark (Wireshark) 3.4.6 (v3.4.6-0 - g6357ac1405b8))

Regards, 7ACE

7ACE

asked 2021-07-04 02:29:04 +0000

edit flag offensive 0 remove flag close merge delete

Comments

I can't answer your question why it's not possible to do a multiple file capture based on the count of packets only. From my understanding this should work as expected. Maybe a bug?

But as the error message says: just add a maximum file size, duration or interval to your command and it will work. Select a high value so that the packet counter will take in place first.

tshark -b duration:100000 -b packets:100 -w test.pcap

JasMan (2021-07-04 10:33:56 +0000) edit

Thank you for the answer!

7ACE (2021-07-05 00:20:12 +0000) edit

add a comment see more comments

Comments

!3563: tshark/wireshark: Fix check ring buffer option for packets

Chuckc (2021-07-04 17:14:43 +0000) edit

bug fix merged into master. https://gitlab.com/wireshark/wireshar...

As mentioned "-b packets:value" already works with current version of dumpcap.

André (2021-07-04 21:23:49 +0000) edit

Thanks guys !

7ACE (2021-07-05 00:21:27 +0000) edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Why does "tshark -b packets:value" not work? edit

Comments

1 Answer

Comments