Can anyone explain the main objective of trigcap.c and also briefly how it works? This question is marked "community wiki". asked 01 Oct '11, 00:12 Terrestrial ... edited 01 Oct '11, 02:54
One Answer:
It uses BPF to find start and stop conditions. Between the two it saves captured packets to a file. answered 01 Oct '11, 01:06 Jaap ♦
I'm just a beginner, so could you please explain to me how to use it at runtime? Can you forward or post the info related to this here?
It's a command line tool with the following syntax:
trigcap -w outfile -b begin -e end [-f capture] [-i iface] [-s snaplen] [-p] [-q] [-d [-d [-d [-d]]]]
When the capture filter expression "begin" becomes true, start capturing frames into outfile until the capture filter expression "end" becomes true. Example:

trigcap -w mycap.pcap -b "ip[0]!=45" -e "tcp[tcpflags]&tcp-syn==tcp-syn"

This starts capturing frames into mycap.pcap after an IPv4 packet with options is seen, and stops after a TCP SYN flag is seen.
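The start/stop logic that the answer describes (evaluate a "begin" condition, record everything from then on, stop once an "end" condition matches) can be shown on a few hand-built frames. The following is an added example and not code from trigcap.c or the Wireshark project: it evaluates the two conditions from the example above (ip[0] != 0x45, TCP SYN flag set) directly on raw Ethernet/IPv4/TCP bytes instead of through a BPF filter, and writes the selected frames as a classic pcap file. The sample frames, the helper names, and the choice to include both the triggering frame and the stopping frame in the output are assumptions made for the illustration.

```python
import struct


def build_frame(ip_options=b"", tcp_flags=0x10):
    """Construct a minimal Ethernet/IPv4/TCP frame (sample data, not a real capture).

    ip_options must be a multiple of 4 bytes so the IHL field stays valid.
    tcp_flags defaults to ACK (0x10); SYN is 0x02.
    """
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"          # dst, src, EtherType IPv4
    ihl = 5 + len(ip_options) // 4                          # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    total = ihl * 4 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + ip_options
    return eth + ip + tcp


def ip_bytes(frame):
    """Return the IPv4 header+payload view (what BPF calls ip[...]) or None."""
    if frame[12:14] != b"\x08\x00":
        return None
    return frame[14:]


def tcp_bytes(frame):
    """Return the TCP header+payload view (BPF's tcp[...]) or None if not TCP."""
    ip = ip_bytes(frame)
    if ip is None or ip[9] != 6:
        return None
    return ip[(ip[0] & 0x0F) * 4:]


def begin_condition(frame):
    """Equivalent of the capture filter "ip[0]!=45": IPv4 header with options."""
    ip = ip_bytes(frame)
    return ip is not None and ip[0] != 0x45


def end_condition(frame):
    """Equivalent of "tcp[tcpflags]&tcp-syn==tcp-syn": TCP SYN flag set."""
    tcp = tcp_bytes(frame)
    return tcp is not None and (tcp[13] & 0x02) == 0x02


def triggered_capture(frames, begin, end):
    """Keep frames from the first begin-match through the first end-match.

    Assumption: both the triggering frame and the stopping frame are saved;
    a frame that satisfies both conditions starts and stops the capture at once.
    """
    saved = []
    armed = False
    for frame in frames:
        if not armed:
            if not begin(frame):
                continue
            armed = True
        saved.append(frame)
        if end(frame):
            break
    return saved


def pcap_bytes(frames, linktype=1):
    """Serialise frames as a classic little-endian pcap (magic 0xa1b2c3d4, LINKTYPE_ETHERNET)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        # constructed timestamps: one second apart, starting at a fixed epoch value
        out += struct.pack("<IIII", 1_000_000_000 + i, 0, len(frame), len(frame))
        out += frame
    return out


# Constructed traffic: plain ACK, an IPv4 packet with NOP options (begin),
# another ACK, a SYN (end), then an ACK that must not be saved.
SAMPLE_FRAMES = [
    build_frame(),
    build_frame(ip_options=b"\x01\x01\x01\x01"),
    build_frame(),
    build_frame(tcp_flags=0x02),
    build_frame(),
]


def demo_capture():
    return triggered_capture(SAMPLE_FRAMES, begin_condition, end_condition)


if __name__ == "__main__":
    captured = demo_capture()
    with open("mycap.pcap", "wb") as fh:
        fh.write(pcap_bytes(captured))
    print(f"saved {len(captured)} of {len(SAMPLE_FRAMES)} frames to mycap.pcap")
```

Running the script saves three of the five sample frames, the same window the trigcap command line in the example would select; the resulting mycap.pcap opens in Wireshark as three Ethernet frames.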
The cmd prompt isn't recognizing it as a process. What should my path be at the DOS prompt? (Also, I didn't find any executable called trigcap inside the Wireshark folder.)
I read bug 2039 and came to know that Windows cannot run trigcap. But that's a matter of the year 2007. Any new updates with triggers on Windows now?
This would indeed be fabulous if we had a tool like trigcap in the Wireshark suite :-) Imagine what fun troubleshooting would become if you only had to trace on certain conditions!