 | 1 | initial version |
When executing dumpcap without any command line options, this is the expected behaviour.
To quote the online manual:
Without any options set it will use the libpcap, Npcap, or WinPcap library to capture traffic from the first available network interface and writes the received raw packet data, along with the packets' time stamps into a capture file.
Note: this is the same behaviour as for the command tcpdump.
There is a flashing cursor on the line after but no keyboard input is accepted.
That is because dumpcap is not an interactive commnand. To stop the started capture, just send the break signal using Control-C.
For long term capturing using a ring buffer use the command line option -b or --ring-buffer. For example:
dumpcap -b filesize:102400 -b files:10 -w demo.pcapng -i <interface>