For example, I hope to display the newest 65535 packets and drop the oldest ones, in order to save memory when I am waiting some event that happens randomly. I cannot find the option on this. Is it possible or no this feature currently?
Sorry for my poor English.
asked 04 Oct '11, 22:48
There is the option of using multiple files (see the capture options dialog). Still that doesn't really solve your memory problem since Wireshark collects state on the frames seen. If you have to option to detect the 'event' in another way, it's preferable to use dumpcap, the command line tool that just captures frames and dumps them in files. Also here the multiple file option helps. Once you know the rough timestamp of the 'event' you can pick up the relevant capture files.
answered 05 Oct '11, 00:11