This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark capture stops on its own while using AirPcap adapter

0

While running a Wireshark capture using AirPcap adapters, the capture will stop on its own, so I can't capture data for long periods of time. This has been an ongoing problem for me, and I have already gone through CACE Technologies for help, but they insist that it is a Wireshark issue. Is this a known issue and is there a solution to this problem?

asked 13 Apr '11, 05:04

SigmaEng
accept rate: 0%

edited 16 Jun '12, 19:58

cmaynard ♦♦


One Answer:

3

Have a look at http://wiki.wireshark.org/KnownBugs/OutOfMemory. Wireshark has not been written for long-term capture purposes.

The best way to capture for a long time is to use the command-line tool dumpcap (which Wireshark also uses to do the capturing). Have a look at the "-b" options of dumpcap in particular.

answered 13 Apr '11, 08:04

SYN-bit ♦♦
accept rate: 20%

I understand your answer, but it will capture much longer from a wired network vs. over the air with AirPcap adapters. I can only capture data for about a half hour with AirPcap (at the most), but with a wired network from an Ethernet card I can capture for much longer. Why is the time period shorter with AirPcap?

(13 Apr '11, 08:23) SigmaEng
1

It may have to do with the amount and kind of packets. For example: on wireless captures you often have tons of beacon frames which might get you into trouble sooner than on a wired link that doesn't have those.

(13 Apr '11, 13:52) Jasper ♦♦

SYN-bit, you said that Wireshark is not for long-term capture. Is this true even if I use multiple files to capture, for example a new file every 200MB? And will I lose some data if I use multiple files?

(10 Jun '13, 12:11) Ashraf
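
The dumpcap "-b" ring buffer mentioned in the answer, as an added example that is not part of the original posts: the script sizes a ring of capture files to a fixed disk budget and prints the resulting dumpcap command. The interface name `IFACE_PLACEHOLDER`, the output path, and the 200 MB / 4000 MB sizes are assumptions; list real interface names with `dumpcap -D`.

```shell
#!/bin/sh
# Added example: bounded long-running capture with dumpcap's -b ring buffer.

# ring_args FILE_MB BUDGET_MB
# Prints the -b options for a ring of FILE_MB-sized files that together stay
# within BUDGET_MB of disk. dumpcap takes the filesize value in kB.
ring_args() {
    file_mb=$1
    budget_mb=$2
    for v in "$file_mb" "$budget_mb"; do
        case $v in
            ''|*[!0-9]*)
                echo "ring_args: sizes must be whole numbers of MB" >&2
                return 1 ;;
        esac
    done
    if [ "$file_mb" -eq 0 ]; then
        echo "ring_args: file size must be greater than 0" >&2
        return 1
    fi
    files=$((budget_mb / file_mb))
    # A ring needs at least two files: one being written, one complete.
    if [ "$files" -lt 2 ]; then
        echo "ring_args: budget too small for a ring of ${file_mb} MB files" >&2
        return 1
    fi
    printf '%s' "-b filesize:$((file_mb * 1000)) -b files:$files"
}

# capture_cmd IFACE OUTFILE FILE_MB BUDGET_MB
# Prints the full dumpcap command line so it can be reviewed before running.
capture_cmd() {
    opts=$(ring_args "$3" "$4") || return 1
    printf 'dumpcap -i %s -w %s %s\n' "$1" "$2" "$opts"
}

# Constructed sample values (assumptions, not from the thread except 200 MB):
# 200 MB per file, 4000 MB total. Once all files in the ring are full,
# dumpcap overwrites the oldest file, so only the most recent traffic is kept.
capture_cmd IFACE_PLACEHOLDER /var/tmp/airpcap.pcapng 200 4000
```

Dropping the `-b files:` option keeps every file instead of overwriting the oldest one, at the cost of unbounded disk use.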