J P wrote: > Thanx Jaap! > > DUMPCAP seems to work in my testing so far. > > Am I correct to assume that I can run two instances of DUMPCAP on two > Different interfaces at the same time? (I do not have access to my > production machine right now)
Yes, it should be fine. > These are the DUMPCAP commands I am proposing to use to capture UNISTIM > and RTP packets, rotating every hour with a max of 1000 files: > > * dumpcap -i 2 -f "udp port 5000 or udp portrange 20000-40000" -b > files:1000 -b duration:3600 -w c:\dump.cap > * dumpcap -i 3 -f "udp port 5000 or udp portrange 20000-40000" -b > files:1000 -b duration:3600 -w c:\dump.cap I'd strongly suggest *not* sending the output from each 'dumpcap' to the same file. Rather, create 2 files (e.g., "dump2.cap" and "dump3.cap") and if later you need only one file then use 'mergecap' to merge them. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
