Hi! I'm using TShark to pipe USB packets on Windows from USBPcap to a Python program. TShark is run using Python's subprocess library. I'm having TShark echo the results to a subprocess.PIPE object as json, and I'm reading that in from the Python code. As far as I know, no packets are ever written to a file.
It's all working fine, but TShark eventually decides it's time to exit, notated by "XXX packets captured" printed to stderr. My goal is to have this run indefinitely in the background, and a silent restart isn't a great option because of the UAC dialog that pops up each time. Any idea why TShark decides to exit if it isn't hitting a file limit?
Sample Params: tshark.exe -i [usb interface] -x -T json -l -Y [display filter]
You might be able to work with the ring-buffer (-b) flag to get something to work:
Evan