I have a trace file which keeps growing until the trace stops. My requirement is to display the growing trace file in Wireshark so that the user can get the real-time packet capturing experience. I have Wireshark Version 1.6.0rc2. How can I achieve this using command line parameters? Please suggest.

asked 07 Nov '12, 20:17 manojdeoli edited 07 Nov '12, 20:18
2 Answers:
By default, Wireshark updates the packet list while capturing in GUI mode. The following options will change that behaviour:
Please try them to see the difference. You can set these options on the command line
TRUE enables the option and FALSE disables the option.

If you capture at the command line (with tshark), tshark will show the packets as well, and if you use option -w (write capture file) it will count the packets and show that counter.

If your Wireshark version does not work like this, I recommend using the latest released version 1.8.3. If I misunderstood your question, please add some details.

Regards

answered 08 Nov '12, 00:38 Kurt Knochner ♦
I think you're saying that some other process is creating the capture file and you want Wireshark to read from that file like it was a live capture; is that correct?

In that case: Wireshark doesn't do that yet. There is a bug request asking for the functionality: bug 5982 but it hasn't been implemented yet.

Also: 1.6.0rc2 is a Release Candidate for 1.6.0. 1.6.0 (the official release) has long since been released and the current 1.6 version is 1.6.11...

answered 08 Nov '12, 06:01 JeffMorriss ♦