Re: Tshark Temp files

[Philip Heady <pheady () prolexic com>]

Good afternoon:

I have a question about the temp files that wireshark/tshark creates in
/tmp/wiresharkXXXXX*.

In version 1.0.15 these temp files are not generated, however in version
1.2.15 they are, and we don't want any temp files left over. Nor do I want
to have to run a cron script to delete these daily.

Any idea why I am seeing this behavior in these two versions? They both
allow the -w flag, however we are not using this flag to control output to
file.

I see that we may need to use -b <caption ring bugger option> option which
should discard temp files once they fill up the buffer, and generate new
ones after.

So not sure why 1.0.15 is not creating tmp files, and why 1.2.15. Probably
due to a different pcap library.

If you could provide some insight or explanation on which version, and/or
commands to use that would be most appreciated. Should we upgrade to the
latest stable 1.10.x?

Thanks,
Philip H.

-- 

*Philip Heady *|
*Systems Engineer*

*Prolexic Technologies *| DDoS Attacks End Here.
p: +1 954 620 6002 ext. 1084
e: pheady () prolexic com
1930 Harrison Street, Suite 403 | Hollywood, Florida 33020
www.prolexic.com

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe