Need help figuring out a large gap in trace | Windows 11

[Adithya Krishna <adithya.krsna () gmail com>]

Hi there!

I am a new user of Wireshark and recently started logging packet traces on
my Windows 11 computer using the tshark command prompt option. I am using a
ring-buffer with a duration filter, and the tracing has been mostly fine.
Below is the exact CLI prompt being used.

[image: image.png]

When I look at the file after it has been completely generated, I have been
noticing significant gaps between successive entries in the log.
The biggest one was around 26 minutes (please see image below) when I was
using the same network that I was on throughout the logging duration - I
was on a video call between 16:30 and 16:58, roughly, so it isn't an issue
with laptop hibernating or network getting disconnected either.
[image: Wireshark trace gap.png]

I went through all the FAQs and other help guides but could not figure out
the reason behind this. Would be really grateful if you can help me
understand the reason(s) behind this gap and if being on Windows 11 is one
of the reasons for the same.

Cheers,
Adi

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe