Wireshark-users: Re: [Wireshark-users] dumpcap process stopped
From: luke devon <[email protected]>
Date: Sat, 26 May 2018 02:40:12 +0000 (UTC)
Hi Jaap, 

Thank you for the reply and the suggestion. However, I have a script that controls the hard disk space. It won't exhaust the storage.  I have used the same setup with tcpdump since the last couple of years. But I had to deal with another network interface, that is why I decided to use dumpcap or tshark.

I will not let go the storage space beyond 90% of it. Fully controlled.

-b duration:15  --> jump to a new dump, likewise, it continues. usually, PCAP file size is 70-75MB and once compressed it will be 18-20MB. 

anyway, the issue that I have faced with dumpcap was really unexpected. Even there is nothing in the man pages to have a try. I was looking for a  guidance. if anyone out there who has faced this problem before.

On Saturday, 26 May 2018, 1:39:18 AM GMT+8, Jaap Keuter <[email protected]> wrote:


You should probably read the manual page of dumpcap. You’re running it in multiple files mode.
It is supposed to work this way. You may want to consider adding -b files:<value> to define the number of capture files to store to prevent exhausting your storage.
If configured this way you can indeed run it for an extended period. Personally I’ve run it for a couple of months on a production network like this.


On 25 May 2018, at 04:10, luke devon via Wireshark-users <[email protected]> wrote:


When generating the output of dumpcap, I am getting following formt of the out put.

dumpcap -i eth1 -i eth -b duration:15 -w /pathtopcap/test.pcap  <-- this is the command

test_01704_20180524193447.pcap <-- final file name

command was running since yesterday but when I am checking the status today, it has been stoped after few hours.dumpcap process has been stopped. 

May I know is there a way to resolve this issue? I wanna run this command continously, days or months or years... until the process stoped manually.

Thank you

Sent via:    Wireshark-users mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
            mailto:[email protected]?subject=unsubscribe