Wireshark-users: Re: [Wireshark-users] dumpcap process stopped

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 25 May 2018 19:38:19 +0200
Hi,

You should probably read the manual page of dumpcap. You’re running it in multiple files mode.
It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture files to store to prevent exhausting your storage.
If configured this way you can indeed run it for an extended period. Personally I’ve run it for a couple of months on a production network like this.

Thanks,
Jaap


On 25 May 2018, at 04:10, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:


Hi

When generating the output of dumpcap, I am getting following formt of the out put.
outfile_00001_dateformat.pcap

dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap  <-- this is the command

test_01704_20180524193447.pcap <-- final file name

command was running since yesterday but when I am checking the status today, it has been stoped after few hours.dumpcap process has been stopped. 

May I know is there a way to resolve this issue? I wanna run this command continously, days or months or years... until the process stoped manually.

Thank you
Luke