Wireshark - How to do a command line packet capture


Run the following command from the DOS prompt, in the Wireshark folder, instead of running the usual capture:

tshark -F libpcap -i 1 -f "port 5060" -b filesize:10240 -w 3cx.pcap

To stop the capture, press Ctrl + C.

This makes Wireshark split the capture into file chunks of 1MB. When the problem occurs, note the time it happened, find the pcap file that covers that time, and send it to us.
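One way to find the chunk that covers the incident time, as an added example that is not part of the original article: with -b, tshark appends a sequence number and the file's creation time to the -w name (for example 3cx_00002_20121029093512.pcap), so the right file is the last one started at or before the incident. The file names and times below are constructed, and chunk_for is a hypothetical helper; it assumes Python is available and that the incident time is read from the same clock as the capturing machine.

```python
import re
from bisect import bisect_right
from datetime import datetime

# tshark -b names each chunk <prefix>_<sequence>_<YYYYMMDDHHMMSS>.<ext>
CHUNK_RE = re.compile(r"^(?P<prefix>.+)_(?P<seq>\d{5,})_(?P<ts>\d{14})\.(?P<ext>\w+)$")


def parse_chunks(names, prefix="3cx"):
    """Return [(start_time, name)] sorted by start time; unrelated files are skipped."""
    chunks = []
    for name in names:
        m = CHUNK_RE.match(name)
        if not m or m.group("prefix") != prefix:
            continue
        try:
            start = datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S")
        except ValueError:
            continue  # 14 digits that are not a valid date/time
        chunks.append((start, int(m.group("seq")), name))
    chunks.sort()
    return [(start, name) for start, _seq, name in chunks]


def chunk_for(names, incident, prefix="3cx"):
    """Name of the chunk being written at `incident`, or None if it predates the capture."""
    chunks = parse_chunks(names, prefix)
    starts = [start for start, _name in chunks]
    i = bisect_right(starts, incident) - 1
    return chunks[i][1] if i >= 0 else None


# Constructed directory listing (in practice: os.listdir() on the capture folder).
SAMPLE = [
    "3cx_00003_20121029101847.pcap",
    "3cx_00001_20121029090000.pcap",
    "notes.txt",
    "other_00001_20121029095000.pcap",
    "3cx_00002_20121029093512.pcap",
]

if __name__ == "__main__":
    when = datetime(2012, 10, 29, 9, 40, 0)  # constructed incident time
    print(chunk_for(SAMPLE, when))
```

A call that was already in progress when tshark switched files starts in the previous chunk, so if the incident falls close to a chunk's start time, send the preceding file as well.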



Article ID: 92
Created: October 29, 2012
Last Updated: October 29, 2012
Author: Natural Networks NOC [support@naturalnetworks.com]

Online URL: https://kb.naturalnetworks.com/article.php?id=92