Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Problem with background dumpcap in Windows

From: Craig Jackson <cejackson51@xxxxxxxxx>
Date: Tue, 20 Feb 2018 12:22:53 -0500
Running on recent builds on Windows, I've had a problem with dumpcap being started and exiting repeatedly in the background. This seems to happening when it's being restarted to update the interface statistics, such as happens after a capture file is closed. The interface statistics update just fine before opening a capture file.

My assumption is that this has something to do with my environment, although I've blown away my build directory and rebuilt several times. I've also rebased regularly against master. However, I don't know enough Windows debugging to figure out what's going wrong.

I was able to see it happening with Procmon from Sysinternals. Should I install Sysmon from Sysinternals to capture more information? How would I get dumpcap to run under the debugger.

Craig Jackson