Wireshark looks inactive but isn’t…

Hello.

We had used Wireshark 1.2.6 with a ring buffer to get traces for 72 hours. Yesterday, I installed a newer version of Wireshark on a WinXP machine. A shortcut to Wireshark was put in the autorun folder for XP. The shortcut command looks like this:

C:\Program Files\Wireshark\wireshark.exe -C "EM02" -b duration:1800 -b files:144 -B 20 -f "ether host 08:00:06:01:60:02" -i 1 -k -n -w \\Server61\Traces\EM02 -y EN10MB

The profile "EM02" is the standard profile. Only the Capture Info dialog is hidden.

Everything works great, but I'm a little bit confused about the behavior of Wireshark after the first file is written, after 30 minutes, and when the next file starts.

• In the old version (1.2.6), the Wireshark icon stayed green. Now, it turns back to blue.
• The buttons for start capture and options couldn't be used and stayed gray. Now, they can be used and look normal.
• The buttons for stop and restart capture were useable. Now, they become unusable and turn to gray.

It looks like Wireshark has stopped the capture, but in the deepest rows, there is still the message < live capture in progress > to file..., and the packet counter still increases.

Wireshark still works correctly despite these false GUI indications... ;-) Any ideas how to workaround this?

Thanks, Armin