Wireshark · Wireshark-users: Re: [Wireshark-users] Stop cycling capture with tshark

Wireshark-users: Re: [Wireshark-users] Stop cycling capture with tshark

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>

Date: Thu, 9 Nov 2017 10:30:41 +0000

On 9 November 2017 at 10:14, Helge Kruse <Helge.Kruse@xxxxxxx> wrote:

I have setup a stress test with a network device. After some hours or
days I experience a failure. The device still responds to ICMP echo
and similar but the protocol under test is not working anymore. I
would like to know what happend before and at the failure.

I use tshark to capture the traffic as

tshark -w file.pcap -b filesize:100000 -b files:8 host 10.0.01

The test program at my Windows PC identfies the problem. But tshark
will continue and the files are overwritten after a period of time
because not all of the traffic stops.

How can I stop tshark from a different process?

Probably easiest to spawn a command line utility to kill any process named "tshark.exe", although that might well leave dumpcap.exe running, so that should be killed as well.

Graham Bloice

Follow-Ups:
- Re: [Wireshark-users] Stop cycling capture with tshark
  - From: Maynard, Chris

References:
- [Wireshark-users] Stop cycling capture with tshark
  - From: Helge Kruse

Prev by Date: [Wireshark-users] Stop cycling capture with tshark
Next by Date: Re: [Wireshark-users] Stop cycling capture with tshark
Previous by thread: [Wireshark-users] Stop cycling capture with tshark
Next by thread: Re: [Wireshark-users] Stop cycling capture with tshark
Index(es):
- Date
- Thread