Thanks, Hugo, I think you are right. So, the only way I can handle the problem is to save the pcap file and stop the tcpdump process.
Thanks, Guy, Actually I am capturing packets on an L3 device's interface. I did not include the part where I am logging into the device. So, I do need tcpdump here. Btw without -s, -n arguments, my capture works fine as you mentioned.
You can’t.
The 2 process are linked by the way you start them. So if you kill the first you also kill the second.
From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx>
On Behalf Of varun siripurapu
Sent: Tuesday, 10 March 2020 23:39
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Installing wireshark on MacOS Catalina via brew
Hi Guy,
I have one more question for you. Sorry for pestering though.
How do I exit out of tcpdump which is passing the packets to wireshark without closing wireshark application?
`varuns@varuns ~ % "tcpdump -c 30 -s 0 -U -n -w - -i et3_5_1" | wireshark -k -i -
tcpdump: listening, link-type EN10MB (Ethernet), capture size 262144 bytes
30 packets captured
30 packets received by filter
0 packets dropped by kernel`
Note: Performing ctrl+c on tcpdump, closes the wireshark GUI Application file without saving.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe