Re: dumpcap process stopped

[Jaap Keuter <jaap.keuter () xs4all nl>]

Out of curiosity, what issues did you have with the NIC?

> On 1 Jun 2018, at 04:50, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:
>
> Hi Jaap, 
>
> I think, I have fixed the issue which had in the network interface card. So far dump is running without any problem.
>
> Thank you for  the guidance.
>
> Br
> Luke.
>
> On Saturday, 26 May 2018, 4:43:11 PM GMT+8, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:
>
>
> Hi Jaap, 
>
> Yes, the actual problem is dumpcap process stopped unexpectedly. It happened two times. However, I will start to 
> debug this issue this Monday onwards. I will update you the status.
>
> Thank you
> Luke.
>
>
>
> On Saturday, 26 May 2018, 3:12:46 PM GMT+8, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
>
>
> Hi,
>
> So, the actual problem you are talking about is that the dumpcap process stopped unexpectedly?
> This is uncommon unless there are external factors in play, e.g. , a network interface went down, the output file got 
> (re-)moved before complete, the OOM killer kicked in. If you can find evidence of this, that might explain it. 
> Was it a one time occurrence, or a reproducible event? This would allow further study of the conditions.
>
> Thanks,
> Jaap
>
>
> > On 26 May 2018, at 04:40, luke devon via Wireshark-users <wireshark-users () wireshark org <mailto:wireshark-users 
> > () wireshark org>> wrote:
> >
> > Hi Jaap, 
> >
> > Thank you for the reply and the suggestion. However, I have a script that controls the hard disk space. It won't 
> > exhaust the storage.  I have used the same setup with tcpdump since the last couple of years. But I had to deal with 
> > another network interface, that is why I decided to use dumpcap or tshark.
> >
> > I will not let go the storage space beyond 90% of it. Fully controlled.
> >
> >   
> > -b duration:15  --> jump to a new dump, likewise, it continues. usually, PCAP file size is 70-75MB and once 
> > compressed it will be 18-20MB. 
> >
> > anyway, the issue that I have faced with dumpcap was really unexpected. Even there is nothing in the man pages to 
> > have a try. I was looking for a  guidance. if anyone out there who has faced this problem before.
> >
> > Regards
> > Luke
> > On Saturday, 26 May 2018, 1:39:18 AM GMT+8, Jaap Keuter <jaap.keuter () xs4all nl <mailto:jaap.keuter () xs4all nl>> 
> > wrote:
> >
> >
> > Hi,
> >
> > You should probably read the manual page of dumpcap. You’re running it in multiple files mode.
> > It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture 
> > files to store to prevent exhausting your storage.
> > If configured this way you can indeed run it for an extended period. Personally I’ve run it for a couple of months 
> > on a production network like this.
> >
> > Thanks,
> > Jaap
> >
> >
> > > On 25 May 2018, at 04:10, luke devon via Wireshark-users <wireshark-users () wireshark org <mailto:wireshark-users 
> > > () wireshark org>> wrote:
> > >
> > >
> > > Hi
> > >
> > > When generating the output of dumpcap, I am getting following formt of the out put.
> > > outfile_00001_dateformat.pcap
> > >
> > > dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap  <-- this is the command
> > >
> > > test_01704_20180524193447.pcap <-- final file name
> > >
> > > command was running since yesterday but when I am checking the status today, it has been stoped after few 
> > > hours.dumpcap process has been stopped. 
> > >
> > > May I know is there a way to resolve this issue? I wanna run this command continously, days or months or years... 
> > > until the process stoped manually.
> > >
> > > Thank you
> > > Luke 
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark 
> > org>>
> > Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
> > <https://www.wireshark.org/mailman/options/wireshark-users>
> >             mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark 
> > org>?subject=unsubscribe
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark 
> > org>>
> > Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
> > <https://www.wireshark.org/mailman/options/wireshark-users>
> >             mailto:wireshark-users-request () wireshark org?subject=unsubscribe <mailto:wireshark-users-request () 
> > wireshark org?subject=unsubscribe>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark org>>
> Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
> <https://www.wireshark.org/mailman/options/wireshark-users>
>             mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark 
> org>?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org <mailto:wireshark-users () wireshark org>>
> Archives:    https://www.wireshark.org/lists/wireshark-users <https://www.wireshark.org/lists/wireshark-users>
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users 
> <https://www.wireshark.org/mailman/options/wireshark-users>
>             mailto:wireshark-users-request () wireshark org <mailto:wireshark-users-request () wireshark 
> org>?subject=unsubscribe
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe