Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 992] New: Stopping capture after specified time does not w

Date: Mon, 10 Jul 2006 13:53:21 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=992

           Summary: Stopping capture after specified time does not work
                    properly
           Product: Wireshark
           Version: 0.99.0
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: TBoehne@xxxxxxxx


I start a tshark process each day at midnight with the 
"-a duration:86040" command line switch. I expected tshark to
terminate shortly before midnight each day, but that does not always
happen. Tshark seems to only check the duration parameter when a
packet comes through the capture filter. After the weekend there were
3 tshark processes running which all terminated as the first packet
passed the filter. Interestingly, the packet was written to each
capture file, although the "duration" time had been passed for a long
time.

Minimal example that should terminate after 10 seconds but actually
captures the last packet about 30 seconds after being started:

pc-tb-debian:~# tshark -t ad -a duration:10
Capturing on eth0
2006-07-10 14:46:19.642140 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:20.641987 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:21.641835 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
2006-07-10 14:46:46.710023 Intel_1b:bf:d4 -> Broadcast    ARP Who has
10.1.62.5? Tell 10.1.62.10
4 packets captured
pc-tb-debian:~#

The same problem seems also exists in ethereal: If I check "Stop capture aftere
one second" the capture will not stop until at least one packet is captured.

Just tested on Linux/i386, but I guess it happens on other platforms as well.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.