Re: Run TShark + USBPcap forever on Windows

[Evan Huus <eapache () gmail com>]

On Sat, Feb 4, 2017 at 11:11 Matthew Dierker <matthew.dierker () gmail com>
wrote:

> Hi! I'm using TShark to pipe USB packets on Windows from USBPcap to a
> Python program. TShark is run using Python's subprocess library. I'm
> having TShark echo the results to a subprocess.PIPE object as json, and
> I'm reading that in from the Python code. As far as I know, no packets are
> ever written to a file.
>
> It's all working fine, but TShark eventually decides it's time to exit,
> notated by "XXX packets captured" printed to stderr. My goal is to have
> this run indefinitely in the background, and a silent restart isn't a great
> option because of the UAC dialog that pops up each time. Any idea why
> TShark decides to exit if it isn't hitting a file limit?
>
> Sample Params: tshark.exe -i [usb interface] -x -T json -l -Y [display
> filter]

You might be able to work with the ring-buffer (-b) flag to get something
to work:

https://blog.wireshark.org/2014/07/to-infinity-and-beyond-capturing-forever-with-tshark/

Evan

>
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe