WireShark stops after 15 seconds no matter how many parameters I change to increase the duration or file size . I just running Wireshark from the command line with the following. Trying to let it run for 120 seconds - it always stops after 15 seconds. tshark -i 4 -p -a duration:120 -w TestCapture3.pcap It does NOT crash. It just stops capturing. Version is 2.0.4 It stops capturing and terminates after 15 seconds. Answers to questions that were asked. • What OS are you running on? Windows Server 2012 R2 / 64-bit • How much memory does the system have? 16 GB • How much traffic is tshark capturing within that 15 seconds? File sizes range from 250,000 KB to 350,000 KB. • Is it data dependent, for example how long does it capture if you apply a simple capture filter, such as "-f icmp"? No filters are being used. • Does it continue to capture if you don't specify a capture duration, or does it always terminate after 15 seconds regardless of a capture duration being specified or not? Always terminates after 15 seconds. • How much disk space is available on the drive or partition to where you're attempting to write the TestCapture3.pcap file? 50 GB asked 20 Jul '16, 07:40 Larth edited 22 Jul '16, 10:55 |
That is neither enough information, nor is it a question. What exactly are you doing with Wireshark before it stops?
What version of Wireshark are you running? On what OS? What do you mean by "WireShark stops"? Does it crash? Does it just stop capturing? Does
dumpcap
work as expected? How abouttshark
? What capture parameters are you using? This may be a basic question equivalent to "Is it powered on?", but you didn't happen to explicitly instruct Wireshark to stop capturing after 15 seconds, did you? As @Jasper indicates, you should really provide more information if anyone is going to have a chance at helping you.It just stops capturing.
So to be clear, it stops capturing packets after 15 seconds, but continues to run for another 105 seconds and then
tshark
terminates, making the total running time 120 seconds with only 15 seconds of captured traffic. Is that correct? Or does it stop capturing and terminate after only 15 seconds?What OS are you running on? How much memory does the system have? How much traffic is
tshark
capturing within that 15 seconds? Is it data dependent, for example how long does it capture if you apply a simple capture filter, such as "-f icmp
"? Does it continue to capture if you don't specify a capture duration, or does it always terminate after 15 seconds regardless of a capture duration being specified or not? How much disk space is available on the drive or partition to where you're attempting to write theTestCapture3.pcap
file?Which version of WinPcap is installed? How long can you capture with WinDump? (Might as well provide entire
Help -> About Wireshark
information as well.)