While running a Wireshark capture using AirPcap adapters, the capture will stop on its own, so I can't capture data for long periods of time. This has been an ongoing problem for me, and I have already gone through CACE Technologies for help, but they insist that it is a Wireshark issue. Is this a known issue and is there a solution to this problem?

asked 13 Apr '11, 05:04 SigmaEng; edited 16 Jun '12, 19:58 cmaynard ♦♦
One Answer:
Have a look at http://wiki.wireshark.org/KnownBugs/OutOfMemory. Wireshark has not been written for long-time capture purposes. The best way to capture for a long time is to use the command-line tool dumpcap (which Wireshark also uses to do the capturing). Have a look at the "-b" options of dumpcap in particular.

answered 13 Apr '11, 08:04 SYN-bit ♦♦
I understand your answer, but it will capture much longer from a wired network vs over the air with AirPcap adapters. I can only capture data for about a half hour with AirPcap (at the most), but with a wired network from an Ethernet card I can capture for much longer. Why shorter time period with AirPcap?
It may have to do with the amount and kind of packets. For example: on wireless captures you often have tons of beacon frames which might get you into trouble sooner than on a wired link that doesn't have those.
SYN-bit, you said that Wireshark is not for long-time capture. Is this true even if I use multiple files to capture, for example, next file every 200MB? And will I lose some data if I use multiple files?