Wireshark mailing list archives
Re: dumpcap process stopped
From: luke devon via Wireshark-users <wireshark-users () wireshark org>
Date: Fri, 1 Jun 2018 02:50:26 +0000 (UTC)
Hi Jaap,

I think I have fixed the issue, which was in the network interface card. So far the dump is running without any problem. Thank you for the guidance.

Br
Luke

On Saturday, 26 May 2018, 4:43:11 PM GMT+8, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:

Hi Jaap,

Yes, the actual problem is that the dumpcap process stopped unexpectedly. It happened two times. However, I will start to debug this issue from this Monday onwards. I will update you on the status.

Thank you
Luke

On Saturday, 26 May 2018, 3:12:46 PM GMT+8, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

So, the actual problem you are talking about is that the dumpcap process stopped unexpectedly? This is uncommon unless there are external factors in play, e.g., a network interface went down, the output file got (re-)moved before complete, the OOM killer kicked in. If you can find evidence of this, that might explain it.

Was it a one time occurrence, or a reproducible event? This would allow further study of the conditions.

Thanks,
Jaap

On 26 May 2018, at 04:40, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:

Hi Jaap,

Thank you for the reply and the suggestion. However, I have a script that controls the hard disk space. It won't exhaust the storage. I have used the same setup with tcpdump for the last couple of years. But I had to deal with another network interface, which is why I decided to use dumpcap or tshark.

I will not let the storage space go beyond 90%. Fully controlled.

-b duration:15 --> jump to a new dump, likewise, it continues.

Usually, the PCAP file size is 70-75MB and once compressed it will be 18-20MB.

Anyway, the issue that I have faced with dumpcap was really unexpected. There is not even anything in the man pages to try. I was looking for guidance, in case anyone out there has faced this problem before.

Regards
Luke

On Saturday, 26 May 2018, 1:39:18 AM GMT+8, Jaap Keuter <jaap.keuter () xs4all nl> wrote:

Hi,

You should probably read the manual page of dumpcap. You're running it in multiple files mode. It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture files to store, to prevent exhausting your storage. If configured this way you can indeed run it for an extended period. Personally I've run it for a couple of months on a production network like this.

Thanks,
Jaap

On 25 May 2018, at 04:10, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:

Hi

When generating the output of dumpcap, I am getting the following format of the output:

outfile_00001_dateformat.pcap

dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap <-- this is the command
test_01704_20180524193447.pcap <-- final file name

The command was running since yesterday, but when I am checking the status today, it has been stopped after a few hours. The dumpcap process has been stopped.

May I know if there is a way to resolve this issue? I wanna run this command continuously, days or months or years... until the process is stopped manually.

Thank you
Luke

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
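
Two of the external causes named in the thread (interface went down, OOM killer) leave traces in the kernel log; the following is an added example, not part of the original messages, that scans log text for them. The helper name find_stop_causes and the sample log lines (host cap01, PIDs, timestamps) are constructed for illustration, and the message wordings matched are assumptions about common Linux kernel and NIC driver output.

```shell
#!/bin/sh
# Added example (not from the thread). find_stop_causes is a hypothetical helper.
# Usage: find_stop_causes IFACE [PROC] < kernel-log-text
# Prints one line per piece of evidence: "<cause>: <matching log line>".
find_stop_causes() {
    awk -v iface="$1" -v proc="${2:-dumpcap}" '
        # True when w appears in s as a whole token, so eth1 does not match eth10.
        function has_word(s, w,    n, i, parts) {
            n = split(s, parts, /[^A-Za-z0-9_.-]+/)
            for (i = 1; i <= n; i++) if (parts[i] == w) return 1
            return 0
        }
        # OOM killer: "Kill process N (name)" or "Killed process N (name)".
        /[Kk]ill(ed)? process [0-9]+ \(/ && index($0, "(" proc ")") {
            print "oom-kill: " $0; next
        }
        # Link loss: driver wording varies ("NIC Link is Down", "link down").
        tolower($0) ~ /link (is )?down/ && has_word($0, iface) {
            print "link-down: " $0; next
        }
    '
}

# Constructed sample kernel log lines (not real data from the thread).
SAMPLE_LOG='May 24 21:02:11 cap01 kernel: igb 0000:01:00.0 eth1: igb: eth1 NIC Link is Down
May 24 21:02:15 cap01 kernel: igb 0000:01:00.0 eth1: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex
May 24 22:40:03 cap01 kernel: Out of memory: Kill process 4321 (dumpcap) score 912 or sacrifice child
May 24 22:40:03 cap01 kernel: Killed process 4321 (dumpcap) total-vm:2097152kB, anon-rss:1887436kB, file-rss:0kB
May 24 22:41:00 cap01 kernel: e1000e: eth10 NIC Link is Down
May 24 22:45:00 cap01 kernel: Killed process 5000 (gzip) total-vm:10240kB, anon-rss:8192kB, file-rss:0kB'

# Demo on the constructed sample; on a live host feed it real log text instead,
# e.g.  journalctl -k | find_stop_causes eth1
printf '%s\n' "$SAMPLE_LOG" | find_stop_causes eth1
```

The third cause mentioned, an output file moved or removed before it was complete, does not show up in the kernel log and has to be checked against whatever script manages the capture directory.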
Current thread:
- dumpcap process stopped luke devon via Wireshark-users (May 24)
- Re: dumpcap process stopped Jaap Keuter (May 25)
- Re: dumpcap process stopped luke devon via Wireshark-users (May 25)
- Re: dumpcap process stopped Jaap Keuter (May 26)
- Re: dumpcap process stopped luke devon via Wireshark-users (May 26)
- Re: dumpcap process stopped luke devon via Wireshark-users (May 31)
- Re: dumpcap process stopped luke devon via Wireshark-users (May 25)
- Re: dumpcap process stopped Jaap Keuter (May 25)