We had used Wireshark 1.2.6 with a ring buffer to get traces for 72 hours. Yesterday, I installed a newer version of Wireshark on a WinXP machine. A shortcut to Wireshark was put in the autorun folder for XP. The shortcut command looks like this:
The profile "EM02" is the standard profile. Only the Capture Info dialog is hidden.
Everything works great, but I'm a little bit confused about the behavior of Wireshark after the first file is written, after 30 minutes, and when the next file starts.
It looks like Wireshark has stopped the capture, but in the deepest rows, there is still the message < live capture in progress > to file..., and the packet counter still increases.
Wireshark still works correctly despite these false GUI indications... ;-) Any ideas how to workaround this?
asked 22 Sep '11, 00:27
edited 24 Sep '11, 15:48
Wireshark works fine, just try to use the updated version .....(1.6.2)
answered 28 Sep '11, 04:59