You might find dumpcap works better than tshark with your suggested solution.
Though this is a Wireshark mailing list, perhaps netcat would be useful to try.
http://www.vulnwatch.org/netcat/

Look for: -DGAPING_SECURITY_HOLE here:
http://www.vulnwatch.org/netcat/readme.html

Good luck!

On 10/30/07, Travis Love <[EMAIL PROTECTED]> wrote:
>
> Okay, this is a bit trickier of a question than my last one. I've been
> beating my head on this for a couple of weeks, and have almost nothing. So
> here goes:
>
> I have a reasonably complex capture filter designed to capture packets
> from rogue DHCP servers on our network. However, the boss wants something
> that will alert the tech using the machine that the filter is running on
> that he's got to hunt down a rogue. The only solution I've thought of so
> far is to use tshark, dumping to a cap file, and have another script running
> concurrently to check the file every minute or so and alert the user if the
> size is larger than 0.
>
> There's got to be a better way than that, right? Any ideas would be very
> much appreciated.
>
> -Travis
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@wireshark.org
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
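An alternative to polling the capture file's size, as an added example that is not part of the original thread: read tshark's line-buffered field output on stdin and alert once per unknown DHCP server. The interface name, the `udp src port 67` capture filter (a stand-in for the poster's own filter, which the thread does not show), the allowed-server addresses and the function names are all assumptions.

```python
import sys

# Assumption: addresses of the site's legitimate DHCP servers (constructed values).
ALLOWED_SERVERS = {"192.0.2.10", "192.0.2.11"}


def parse_line(line):
    """Split one tab-separated tshark record into (ip_src, eth_src), or None."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 2 or not parts[0]:
        return None  # non-IP frame or empty field: nothing to judge
    return parts[0].strip(), parts[1].strip().lower()


def rogue_alerts(lines, allowed=ALLOWED_SERVERS):
    """Yield one alert per newly seen (IP, MAC) pair that is not an allowed server."""
    seen = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[0] in allowed:
            continue
        if rec in seen:  # alert once per rogue, not once per packet
            continue
        seen.add(rec)
        yield "ROGUE DHCP server: ip=%s mac=%s" % rec


# Constructed sample of what tshark prints with -T fields -e ip.src -e eth.src
SAMPLE = [
    "192.0.2.10\t00:11:22:33:44:55\n",
    "192.0.2.77\tDE:AD:BE:EF:00:01\n",
    "192.0.2.77\tde:ad:be:ef:00:01\n",
    "\t\n",
    "192.0.2.10\t00:11:22:33:44:55\n",
]

if __name__ == "__main__":
    # Live use (eth0 is an assumed interface name):
    #   tshark -l -i eth0 -f "udp src port 67" -T fields -e ip.src -e eth.src \
    #     | python3 this_script.py
    # Without a pipe, the constructed SAMPLE is used so the script runs offline.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for alert in rogue_alerts(source):
        print("\a" + alert, flush=True)  # \a rings the terminal bell
```

The `-l` flag makes tshark flush after every packet, so the alert appears as soon as the packet is captured rather than at the next polling interval.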