 | 1 | initial version |
You might want to rethink your capture and filtering approach.
If you use dumpcap to capture, especially with multiple files of a specific size to limit the subsequent search, you can then post process those files with tshark to search for your string and output the results elsewhere as you require.
Using dumpcap in this way also ensures the capture process won't run out of memory, as Wireshark will.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
