Wireshark · Wireshark-users: Re: [Wireshark-users] Live capture stops suddenly

Wireshark-users: Re: [Wireshark-users] Live capture stops suddenly

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Fri, 13 Mar 2009 20:09:28 -0700


On Mar 12, 2009, at 8:15 PM, Chris Henderson wrote:

I am running wireshark/ ethereal version 1.0.4 on Linux. My only
network interface is eth0 and when I start a live capture on eth0, it
stops capturing any packet after a while. It's hard to say when it
actually stops the capture as it's quite random. It doesn't give any
error, just sits there not capturing anything; although in the bottom
panel I can see: eth0: live capture in progress message. I have over
10GB disk space in my /tmp directory.


Is dumpcap still running when packets stop arriving?

What happens if you try running dumpcap, or tcpdump, from a terminalwindow? Does it also stop seeing packets after a while?


Are you using ring buffers?

Follow-Ups:
- Re: [Wireshark-users] Live capture stops suddenly
  - From: Chris Henderson

References:
- [Wireshark-users] Live capture stops suddenly
  - From: Chris Henderson

Prev by Date: Re: [Wireshark-users] Capturing stops although there is still network traffic
Next by Date: Re: [Wireshark-users] Live capture stops suddenly
Previous by thread: Re: [Wireshark-users] Live capture stops suddenly
Next by thread: Re: [Wireshark-users] Live capture stops suddenly
Index(es):
- Date
- Thread