
Wireshark-dev: [Wireshark-dev] tshark multiple instances - issue

From: "Purandhar Krishnamurthy" <purandhar.krishnamurthy@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Jul 2009 23:22:23 +0530

Hello List!

I am running two tshark processes, both capturing on the same interface but with different capture filters. Both tshark instances are writing to different files.

I am sending a SIGINT signal periodically, every 60 minutes, to both tshark processes (I first identify their PIDs and then send kill -SIGINT pid1 pid2).

pid1 is the process ID of the tshark that was started first and pid2 is the process ID of the tshark that was started later. I have modified the source code such that whenever a tshark process gets a SIGINT signal, the capture file to which it is writing will be switched to the next file.

When I execute ‘kill -SIGINT pid1 pid2’, the SIGINT signal is only received by the tshark with process ID pid1. (I can confirm this by seeing that the capture file to which pid1 is writing is switched and the capture file to which pid2 is writing is not changed.)

When I execute ‘kill -SIGINT pid2’, the SIGINT signal is NOT received by the tshark with process ID pid2; instead it is received by pid1. This is very strange!

Is this a BUG in tshark? Or is this how tshark behaves when run as multiple instances? Is there any workaround to solve this problem?

Can you please help me solve this issue?

Many Thanks,

Purandhar