Wireshark mailing list archives
Re: dumpcap -f question [Re: Can I get Wireshark to capture constantly, but not count to infinity ?]
From: Guy Harris <guy () alum mit edu>
Date: Tue, 24 Aug 2010 17:22:56 -0700
On Aug 24, 2010, at 4:52 PM, Gregorio Tomas Focaccio wrote:
> The documentation I found for dumpcap did not say what happens if the -f filter argument is left off the dumpcap command. Do you know what happens?
It does no filtering - every packet that gets handed by the lower levels of the OS (device driver, maybe lower levels of the networking stack before, for example, IP) to the packet capture mechanism (and doesn't get dropped by the packet capture mechanism because its buffer fills up) gets passed on to libpcap/WinPcap, and gets written to a file by dumpcap. (The same is true of tcpdump, BTW.)