I am automating some tests that use wireshark. I will switching to tshark so the tests can be batched.
Each test will perform a capture, perhaps with a unique capture filter. How do I "terminate" the tshark process once I've captured 1000 packets (just an example), so that I can create a new tshark process for my next test ?? If a set a capture filter to "stop capturing" after 1000 packets, will that terminate the tshark process automagically ??
asked 17 Feb '12, 08:23
e.g. use -c 1000 to stop after 1000 packets.
answered 17 Feb '12, 08:41