Wireshark mailing list archives

Re: Need help figuring out a large gap in trace | Windows 11


From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Wed, 22 Dec 2021 19:33:42 +0100

Hi,

Not sure what’s going on here, but there’s one thing I would like to point out. For long term capture I would 
*strongly* recommend using dumpcap instead.
Reason behind this is that Tshark invokes the dissection engine for the captured packets, which in this case is not 
what’s needed, but still takes up processing and (lots of) memory. 
Instead you can invoke the capture engine used by Tshark directly. Dumpcap mostly uses the same command line 
parameters. Have a look at the manual page.
Several years ago I had dumpcap running for months without issue.

Regards,
Jaap

On 22 Dec 2021, at 03:29, Adithya Krishna <adithya.krsna () gmail com> wrote:

Hi there!

I am a new user of Wireshark and recently started logging packet traces on my Windows 11 computer using the tshark 
command prompt option. I am using a ring-buffer with a duration filter, and the tracing has been mostly fine. Below 
is the exact CLI prompt being used

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev