This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

disable name mangling while autosaving file

0

I am using -b (ring buffer option) in tshark for saving in two files alternately. However, it changes the name of the file every time it writes and appends the date and time to it. How can I disable it, as I don't want the names to change?

asked 01 Aug '16, 01:55

tatsugot


One Answer:

0

If you look at the TShark manual page you'll see that the -b option is the multiple files mode. One of the possibilities is to make it into a ring buffer, by dropping old capture files. A ring of multiple files, that is. And multiple files need to have unique names, which are generated from the base name you define and a suffix. So no mangling is going on; there is a suffix appended to the name of the file.

What you are probably imagining is a single file in which new bytes (frames in reality) are added at the back and 'old' bytes (frames) removed from the front. That is not really possible.

answered 01 Aug '16, 02:35

Jaap ♦

I want to save the stream after 30s and extract fields from this pcap file and store them in a file. If I use the -a option it will shut off the stream for saving; I don't want to shut off and turn on the capturing stream again and again. So I thought of using the ring buffer so that I can replace old files with new ones, but since I want to extract fields I need the names to be the same so that I can hardcode them.

(01 Aug '16, 02:38) tatsugot
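
Since the ring-buffer names are the base name plus a suffix, a script can select the newest finished file by pattern instead of hardcoding a name. The following is an added example, not part of the original question or answer; the interface `eth0`, the directory `/tmp/ring`, the base name `cap`, the chosen `-e` fields and the function names are assumptions, as is the `<base>_<5-digit number>_<YYYYMMDDHHMMSS>.pcap` naming used by current tshark releases.

```shell
#!/bin/sh
# Added example (not from the original thread). Capture side, run separately:
#   tshark -i eth0 -b duration:30 -b files:2 -w /tmp/ring/cap.pcap
# which produces names such as cap_00001_20160801023000.pcap (constructed sample).

# latest_complete DIR BASE
# Print the newest ring-buffer file that tshark has finished writing.
# The newest file overall is still open for writing, so the one before it
# is returned. Fails (status 1) while fewer than two files exist.
# BASE is used inside a regular expression, so keep it to plain characters.
latest_complete() {
    files=$(ls "$1" 2>/dev/null \
        | grep -E "^${2}_[0-9]{5}_[0-9]{14}\.pcap\$" \
        | sort)
    [ "$(printf '%s\n' "$files" | grep -c .)" -ge 2 ] || return 1
    printf '%s/%s\n' "$1" "$(printf '%s\n' "$files" | tail -n 2 | head -n 1)"
}

# extract_new DIR BASE OUTFILE
# Append selected fields from the newest finished file to OUTFILE, once per
# file. The -e field names are examples; replace them with the ones you need.
last_done=""
extract_new() {
    f=$(latest_complete "$1" "$2") || return 0   # nothing finished yet
    [ "$f" = "$last_done" ] && return 0          # already processed
    tshark -r "$f" -T fields -e frame.time_epoch -e ip.src -e ip.dst \
        >> "$3" && last_done=$f
}

# Run as: ./extract.sh /tmp/ring cap /tmp/fields.txt
# Polls more often than the 30 s rotation so no finished file is missed.
if [ "$#" -eq 3 ]; then
    while :; do
        extract_new "$1" "$2" "$3"
        sleep 10
    done
fi
```

With `-b files:2` the finished file is deleted when the next rotation starts, so the extraction has to complete within one rotation period; a larger `files:` value gives more headroom.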