Wireshark · Wireshark-users: Re: [Wireshark-users] Run TShark + USBPcap forever on Windows

Wireshark-users: Re: [Wireshark-users] Run TShark + USBPcap forever on Windows

Date: Sun, 05 Feb 2017 16:13:34 +0000

On Sat, Feb 4, 2017 at 11:11 Matthew Dierker <matthew.dierker@xxxxxxxxx> wrote:

Hi! I'm using TShark to pipe USB packets on Windows from USBPcap to a Python program. TShark is run using Python's subprocess library. I'm having TShark echo the results to a subprocess.PIPE object as json, and I'm reading that in from the Python code. As far as I know, no packets are ever written to a file.

It's all working fine, but TShark eventually decides it's time to exit, notated by "XXX packets captured" printed to stderr. My goal is to have this run indefinitely in the background, and a silent restart isn't a great option because of the UAC dialog that pops up each time. Any idea why TShark decides to exit if it isn't hitting a file limit?

Sample Params: tshark.exe -i [usb interface] -x -T json -l -Y [display filter]

You might be able to work with the ring-buffer (-b) flag to get something to work:

https://blog.wireshark.org/2014/07/to-infinity-and-beyond-capturing-forever-with-tshark/

Evan

References:
- [Wireshark-users] Run TShark + USBPcap forever on Windows
  - From: Matthew Dierker

Prev by Date: Re: [Wireshark-users] Run TShark + USBPcap forever on Windows
Next by Date: [Wireshark-users] Hello Users - Trouble having to submit a question
Previous by thread: Re: [Wireshark-users] Run TShark + USBPcap forever on Windows
Next by thread: [Wireshark-users] Hello Users - Trouble having to submit a question
Index(es):
- Date
- Thread