Hi, "take a look at how tcpdump/WinDump implement -C and -G. -C is implemented by checking the file size with pcap_dump_ftell(); "
and then.. i should stop all the recording and start it mannualy again (and loose packets) or their is a way to 'split' the recordings file in a smarter way. Thanks a lot for the help. 2011/11/2 Guy Harris <[email protected]> > > On Nov 2, 2011, at 12:25 PM, j.snelders wrote: > > > On Wed, 2 Nov 2011 19:58:23 +0200 Tal Attaly wrote: > >> Hi, > >> > >> How can i make an automatic 'split' of the recorded file, so the > recording > >> will be saved in multiple files? (For example- start record to a new > file > >> as soon as the current file exceeds 25 MB / 60 minutes past) > > > > Wireshark > > http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureOptions.html > > Go to: > > Capture | Options > > > > Section Capture File(s) > > File: define an outputfile > > Select: > > - Use multiple files > > - Next file every 25 megabyte(s) > > - Next file every 1 hour(s) > > Hit Start > > > > TShark > > http://www.wireshark.org/docs/man-pages/tshark.html > > tshark -i 3 -a duration:3600 -a filesize:25000 -a files:3 -w test-a.pcap > > WinDump > > see the -C and -G flags: > > windump -i 3 -C 25 -G 3600 -w test-a.pcap > > note that "25" means "25,000,000 bytes", not "26,214,400 bytes" > > Your own program > > take a look at how tcpdump/WinDump implement -C and -G. -C is > implemented by checking the file size with pcap_dump_ftell(); -G is > implemented by checking the time before writing each packet (yes, that > means that if no packets arrive during an entire -G time period, you will > *NOT* get an empty file for that period). > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users >
_______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
