Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-bugs: [Wireshark-bugs] [Bug 992] New: Stopping capture after specified time does not work properly

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 10 Jul 2006 13:53:21 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=992

           Summary: Stopping capture after specified time does not work
                    properly
           Product: Wireshark
           Version: 0.99.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: TBoehne@xxxxxxxx


I start a tshark process each day at midnight with the 
"-a duration:86040" command line switch. I expected tshark to
terminate shortly before midnight each day, but that does not always
happen. Tshark seems to only check the duration parameter when a
packet comes through the capture filter. After the weekend there were
3 tshark processes running which all terminated as the first packet
passed the filter. Interestingly, the packet was written to each
capture file, although the "duration" time had been passed for a long
time.

Minimal example that should terminate after 10 seconds but actually
captures the last packet about 30 seconds after being started:

pc-tb-debian:~# tshark -t ad -a duration:10
Capturing on eth0
2006-07-10 14:46:19.642140 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:20.641987 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:21.641835 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:46.710023 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
4 packets captured
pc-tb-debian:~#

The same problem seems also exists in ethereal: If I check "Stop capture aftere
one second" the capture will not stop until at least one packet is captured.

Just tested on Linux/i386, but I guess it happens on other platforms as well.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
  • Prev by Date: [Wireshark-bugs] [Bug 991] New: Buildbot crash output: fuzz-2006-07-10-25724.pcap
  • Next by Date: [Wireshark-bugs] [Bug 989] Buildbot crash output: fuzz-2006-07-09-6023.pcap
  • Previous by thread: [Wireshark-bugs] [Bug 991] Buildbot crash output: fuzz-2006-07-10-25724.pcap
  • Next by thread: [Wireshark-bugs] [Bug 993] New: Buildbot crash output: fuzz-2006-07-10-12219.pcap
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation