http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=992
Summary: Stopping capture after specified time does not work
properly
Product: Wireshark
Version: 0.99.0
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Medium
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: TBoehne@xxxxxxxx
I start a tshark process each day at midnight with the
"-a duration:86040" command line switch. I expected tshark to
terminate shortly before midnight each day, but that does not always
happen. Tshark seems to only check the duration parameter when a
packet comes through the capture filter. After the weekend there were
3 tshark processes running which all terminated as the first packet
passed the filter. Interestingly, the packet was written to each
capture file, although the "duration" time had been passed for a long
time.
Minimal example that should terminate after 10 seconds but actually
captures the last packet about 30 seconds after being started:
pc-tb-debian:~# tshark -t ad -a duration:10
Capturing on eth0
2006-07-10 14:46:19.642140 Intel_1b:bf:d4 -> Broadcast ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:20.641987 Intel_1b:bf:d4 -> Broadcast ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:21.641835 Intel_1b:bf:d4 -> Broadcast ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:46.710023 Intel_1b:bf:d4 -> Broadcast ARP Who has
10.1.62.5? Tell 10.1.62.10
4 packets captured
pc-tb-debian:~#
The same problem seems also exists in ethereal: If I check "Stop capture aftere
one second" the capture will not stop until at least one packet is captured.
Just tested on Linux/i386, but I guess it happens on other platforms as well.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.