Wireshark-users: Re: [Wireshark-users] dumpcap process stopped

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: luke devon <luke_devon@xxxxxxxxx>
Date: Sat, 2 Jun 2018 05:33:30 +0000 (UTC)
errors encountered in no.of RX/TX packets. So far dumpcap is still running with new NIC. I am keep monitoring.

Thank you
Luke.

On Saturday, 2 June 2018, 3:48:17 AM GMT+8, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:


Out of curiosity, what issues did you have with the NIC?

On 1 Jun 2018, at 04:50, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

Hi Jaap, 

I think, I have fixed the issue which had in the network interface card. So far dump is running without any problem.

Thank you for  the guidance.

Br
Luke.

On Saturday, 26 May 2018, 4:43:11 PM GMT+8, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:


Hi Jaap, 

Yes, the actual problem is dumpcap process stopped unexpectedly. It happened two times. However, I will start to debug this issue this Monday onwards. I will update you the status.

Thank you
Luke.



On Saturday, 26 May 2018, 3:12:46 PM GMT+8, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:


Hi,

So, the actual problem you are talking about is that the dumpcap process stopped unexpectedly?
This is uncommon unless there are external factors in play, e.g. , a network interface went down, the output file got (re-)moved before complete, the OOM killer kicked in. If you can find evidence of this, that might explain it. 
Was it a one time occurrence, or a reproducible event? This would allow further study of the conditions.

Thanks,
Jaap


On 26 May 2018, at 04:40, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

Hi Jaap, 

Thank you for the reply and the suggestion. However, I have a script that controls the hard disk space. It won't exhaust the storage.  I have used the same setup with tcpdump since the last couple of years. But I had to deal with another network interface, that is why I decided to use dumpcap or tshark.

I will not let go the storage space beyond 90% of it. Fully controlled.

  
-b duration:15  --> jump to a new dump, likewise, it continues. usually, PCAP file size is 70-75MB and once compressed it will be 18-20MB. 

anyway, the issue that I have faced with dumpcap was really unexpected. Even there is nothing in the man pages to have a try. I was looking for a  guidance. if anyone out there who has faced this problem before.

Regards
Luke
On Saturday, 26 May 2018, 1:39:18 AM GMT+8, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:


Hi,

You should probably read the manual page of dumpcap. You’re running it in multiple files mode.
It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture files to store to prevent exhausting your storage.
If configured this way you can indeed run it for an extended period. Personally I’ve run it for a couple of months on a production network like this.

Thanks,
Jaap


On 25 May 2018, at 04:10, luke devon via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:


Hi

When generating the output of dumpcap, I am getting following formt of the out put.
outfile_00001_dateformat.pcap

dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap  <-- this is the command

test_01704_20180524193447.pcap <-- final file name

command was running since yesterday but when I am checking the status today, it has been stoped after few hours.dumpcap process has been stopped. 

May I know is there a way to resolve this issue? I wanna run this command continously, days or months or years... until the process stoped manually.

Thank you
Luke 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe