ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6280] New: tshark/dumpcap skips capture duration flag occa

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 29 Aug 2011 07:54:21 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6280

           Summary: tshark/dumpcap skips capture duration flag
                    occasionally
           Product: Wireshark
           Version: 1.2.7
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: daniel.ctr.lovelace@xxxxxxx


Created an attachment (id=6884)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6884)
Screenshot of dumpcap

Build Information:
PC #1

TShark 1.2.7 (SVN Rev 32341)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with
GeoIP.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.

Built using Microsoft Visual C++ 9.0 build 30729

PC #2

Version 1.2.7 (SVN Rev 32341)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI, with
c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, without
Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 31 2010), with
AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.1 (packet.dll
version 4.1.0.2001 - Spectracom X64 PCI-E [4.1.2 wpcap]), based on libpcap
version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without
AirPcap.

--
We record data long term on computer using tshark/dumpcap on various windows
machines. 

Sample command line arguments: 

tshark.exe -i\Device\NPF_{EA8B6130-0B39-4670-9339-B5C0889AB68F} -b
filesize:1000000 -b duration:3600 -f "filter here" -w "D:\vcs0\vcs0.cap"

Every hour a new file should be created. Our recordings are always under
filesize:1000000. Sometimes, tshark/dumpcap misses that time and just continues
recording a file until the maximum is reached.

Attached is a screenshot that helps show the situation. Notice most of the
recordings start on the hour exactly. File 395 then misses the close time and
keeps going until it hits the max. After that, the files never use the duration
filter again.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube