Re: [Wireshark-users] Need to record bandwidth used by branch office VPN tunnels
From: Christopher Maynard <Christopher.Maynard () gtech com>
Date: Mon, 12 Aug 2013 20:12:43 +0000 (UTC)
Laura Chappell <lchappell () > writes:

> Wouldn't it be best if tshark stopped saving the packets once the statistic
> is obtained for the timeframe?

Due to privilege separation, tshark isn't actually saving any packets;
From Jeff Morriss's comment in bug 2234:

> Yes, this is actually the expected behavior now. As a result of the
> work done for privilege separation the (small, reasonable to run
> setuid-root) tool doing the capturing (dumpcap) is also writing out the
> tshark then reads that file in so it can display the output (when not
> using "-w" to write the file).

Guy Harris opened bug 2743 as a potential remedy, but this has yet to be
Another potential future solution (that unfortunately doesn't currently
avoid creating a temp file either) would be to have dumpcap pipe the
packets to tshark, something like as follows:
dumpcap -i <n> -q -P -w - | tshark -i - -q
,ip.addr==192.168.3.0/24 > mystats.txt
CTRL+C to stop the capture process manually or use a -a autostop condition
In this case, it's not the first instance of dumpcap creating the temp file
but the second one capturing on stdin, i.e., '-'. If this were possible
though, it would probably resolve [or help to resolve] bug 1814 as well.
And while a successful resolution to bug 2743 would negate the need for
explicit piping, my thought here was that it *might* be easier to make
changes to tshark to avoid using dumpcap when capturing from a pipe, since
that's what bug 2743 proposes that dumpcap does implicitly when tshark is
not writing to a file. Here we have an explicit pipe though, so *perhaps*
it's a little easier to get this part working at least? I haven't looked
into what changes would be needed though, so it might end up being just as
much work either way.
Regardless, as others have already mentioned, there are other tools better
suited for this particular job than *shark.
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
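
The piping idea in the message above, with a small reader standing in for the second tshark so that nothing on the receiving side writes a temp file. This is an added example, not code from the post or from the Wireshark project. The script name `subnet_bytes.py`, the 60-second interval, and the Ethernet/IPv4-only handling are assumptions.

```python
# Added example (constructed). Hypothetical file name subnet_bytes.py; run as:
#   dumpcap -i <n> -q -P -w - | python3 subnet_bytes.py > mystats.txt
import ipaddress
import signal
import struct
import sys
from collections import Counter

NET = ipaddress.ip_network("192.168.3.0/24")  # subnet from the post's filter
LE_MAGIC = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec timestamps
BE_MAGIC = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def subnet_bytes(stream, net=NET, interval=60):
    """Return {interval_start: bytes} for IPv4 frames to or from `net`."""
    hdr = stream.read(24)  # classic pcap global header
    if len(hdr) < 24 or hdr[:4] not in LE_MAGIC + BE_MAGIC:
        raise ValueError("not a classic pcap stream (run dumpcap with -P)")
    endian = "<" if hdr[:4] in LE_MAGIC else ">"
    if (struct.unpack(endian + "I", hdr[20:24])[0] & 0x0FFFFFFF) != 1:
        raise ValueError("assumption: Ethernet link type only")
    totals = Counter()
    while True:
        rec = stream.read(16)  # ts_sec, ts_frac, captured len, wire len
        if len(rec) < 16:
            break  # writer closed the pipe
        ts_sec, _, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            break  # truncated final record
        off = 12
        while data[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):
            off += 4  # skip 802.1Q / 802.1ad VLAN tags
        ip = data[off + 2:]
        if data[off:off + 2] != b"\x08\x00" or len(ip) < 20:
            continue  # not IPv4, or snaplen cut the header short
        src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
        if src in net or dst in net:
            totals[ts_sec - ts_sec % interval] += orig_len
    return dict(totals)

if __name__ == "__main__":
    # CTRL+C reaches both sides of the pipeline; ignore it here so the totals
    # are still printed once dumpcap exits and closes the pipe.
    signal.signal(signal.SIGINT, signal.SIG_IGN)
    for start, nbytes in sorted(subnet_bytes(sys.stdin.buffer).items()):
        print(start, nbytes)
```

Each output line is the interval's start time in epoch seconds followed by the byte count for that interval.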