When I run wireshark it stops at random times telling me: The network adapter on which the capture was being done is no longer running; the capture has stopped. tshark just exists without any message. Some more context:
Does anybody have an idea what the problem might be or how to debug? asked 02 Jul '17, 07:20  Monkeybusiness edited 03 Jul '17, 02:19 showing 5 of 6 show 1 more comments |
One Answer:
The extremely lame result of trying further is that I think some network manager or similar was interfering. If you have the same problem:
Somebody also warned me that for USB devices it might be a power problem and it might help to try with an externally powered hub. Not relevant for me, but maybe for you. answered 05 Jul '17, 00:11 Monkeybusiness edited 05 Jul '17, 00:12 |
This usually happens when the network card loses its link. Can you check if that was the case? And if not, try to capture with dumpcap instead of tshark to check if it's related to packet decodings?
Ah, maybe I should have mentioned: I'm capping wifi!
If you are not capturing in monitoring mode, it could well be that the network card loses association with the AP for a while, which has similar consequences like cable disconnection for wired interfaces, but it is just a wild guess.
I am capturing in monitor mode.
Assuming your on Linux, use dmesg and other system logs. You can get the status of the interface with iw dev, iwconfig, and ifconfig.
With no logs, no OS noted, and no hardware description, it's very difficult to help you.
@bobjones I added some more context