Wireshark-users: Re: [Wireshark-users] dumpcap process stopped
From: Jaap Keuter <[email protected]>
Date: Fri, 25 May 2018 19:38:19 +0200

You should probably read the manual page of dumpcap. You’re running it in multiple files mode.
It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture files to store to prevent exhausting your storage.
If configured this way you can indeed run it for an extended period. Personally I’ve run it for a couple of months on a production network like this.


On 25 May 2018, at 04:10, luke devon via Wireshark-users <[email protected]> wrote:


When generating the output of dumpcap, I am getting following formt of the out put.

dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap  <-- this is the command

test_01704_20180524193447.pcap <-- final file name

command was running since yesterday but when I am checking the status today, it has been stoped after few hours.dumpcap process has been stopped. 

May I know is there a way to resolve this issue? I wanna run this command continously, days or months or years... until the process stoped manually.

Thank you