Wireshark-users: [Wireshark-users] Run TShark + USBPcap forever on Windows

From: Matthew Dierker <matthew.dierker@xxxxxxxxx>
Date: Fri, 3 Feb 2017 18:44:15 -0800
Hi! I'm using TShark to pipe USB packets on Windows from USBPcap to a Python program. TShark is run using Python's subprocess library. I'm having TShark echo the results to a subprocess.PIPE object as JSON, and I'm reading that in from the Python code. As far as I know, no packets are ever written to a file.

It's all working fine, but TShark eventually decides it's time to exit, notated by "XXX packets captured" printed to stderr. My goal is to have this run indefinitely in the background, and a silent restart isn't a great option because of the UAC dialog that pops up each time. Any idea why TShark decides to exit if it isn't hitting a file limit?

Sample Params: tshark.exe -i [usb interface] -x -T json -l -Y [display filter]

Thanks!
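
An added example, not code from the original post: one way to consume the setup described above, where `tshark -T json -l` writes a single JSON array to the pipe that stays open for as long as the capture runs, so packets have to be decoded one element at a time. The names `iter_json_array`, `run_capture`, `handle` and `stderr_log` are hypothetical, and the sample packets are constructed.

```python
import json
import subprocess

def iter_json_array(chunks):
    """Yield each element of a top-level JSON array as soon as it is complete."""
    decoder = json.JSONDecoder()
    buf, started = "", False
    for chunk in chunks:
        buf += chunk
        while True:
            buf = buf.lstrip()
            if not buf:
                break                      # need more input from the pipe
            if not started:
                if buf[0] != "[":
                    raise ValueError("expected '[' at start of JSON output")
                buf, started = buf[1:], True
            elif buf[0] == ",":
                buf = buf[1:]              # separator between packets
            elif buf[0] == "]":
                return                     # producer closed the array
            else:
                try:
                    obj, end = decoder.raw_decode(buf)
                except json.JSONDecodeError:
                    break                  # packet object still incomplete
                yield obj
                buf = buf[end:]

def run_capture(tshark, interface, display_filter, handle, stderr_log="tshark_stderr.log"):
    """Run tshark with the parameters from the post; return its exit code."""
    cmd = [tshark, "-i", interface, "-x", "-T", "json", "-l", "-Y", display_filter]
    with open(stderr_log, "w") as err:     # keep stderr, e.g. the "packets captured" line
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=err,
                                encoding="utf-8", errors="replace")
        for packet in iter_json_array(proc.stdout):
            handle(packet)
        return proc.wait()

# Constructed sample, split at arbitrary points the way a pipe delivers data.
SAMPLE_CHUNKS = ['[\n  {"_source": {"layers": {"frame": {"frame.number"',
                 ': "1"}}}}\n  ,\n',
                 '  {"_source": {"layers": {"frame": {"frame.number": "2"}}}}\n']

def sample_frame_numbers():
    return [p["_source"]["layers"]["frame"]["frame.number"]
            for p in iter_json_array(SAMPLE_CHUNKS)]

if __name__ == "__main__":
    print(sample_frame_numbers())
```

Sending stderr to a file rather than an unread pipe keeps TShark's exit message together with the return code from `run_capture` for later inspection.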