| Hi,
Not sure what’s going on here, but there’s one thing I would like to point out. For long term capture I would *strongly* recommend using dumpcap instead. Reason behind this is that Tshark invokes the dissection engine for the captured packets, which in this case is not what’s needed, but still takes up processing and (lot’s of) memory. Instead you can invoke the capture engine used by Tshark directly. Dumpcap mostly uses the same command line parameters. Have a look at the manual page. Several years ago I had dumpcap running for months without issue.
Regards, Jaap
Hi there!
I am a new user of Wireshark and recently started logging packet traces on my Windows 11 computer using the tshark command prompt option. I am using a ring-buffer with a duration filter, and the tracing has been mostly fine. Below is the exact CLI prompt being used
|