Wireshark doesn't capture logs after a point of time for Wireless network

asked 2019-10-16 08:07:09 +0000

Sujith

I am collecting network traces from a wireless device. It starts fine, and after an unknown period of time the capture screen becomes blank and it collects logs of size 1kb. I am using Airpcap 4.3.1 and Wireshark version 3.0.5.

As I said, I start it up by setting up with the pcap, time durations and capture locations. The device starts to capture and goes on and then when the machine goes to sleep, so if I check it after, say, 4-5 hours, the capture screen will be completely blank. There seem to be no error messages either. Can anyone help me figure this out?


Comments

It may not be recommended to use the graphical GUI of Wireshark to set long-time captures; it depends on the physical memory of the device you are taking the capture on. I assume it may be a computer with a USB connected with the Airpcap device. Try to use tshark/dumpcap on the command line and avoid the GUI to do long-time captures. The blank screen may only be due to exhausted memory on your local device. Your (temporary) trace may be located in the TMP folder in any case.

xinxolHH (2019-10-16 08:23:23 +0000)

Thanks. Yes, I am using a com with an Airpcap USB connected to it. I checked whether the PC is running out of memory but fortunately it has pretty good storage left for use. I just could not figure out the root cause of this issue.

Sujith (2019-10-16 14:07:38 +0000)

First, as @xinxolHH suggested, don't use Wireshark for long-term capturing, use dumpcap instead.

"... and then when the machine goes to sleep"
I think you may need to take measures to prevent the machine from going to sleep while capturing.

cmaynard (2019-10-16 14:29:46 +0000)
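
The two suggestions in the comments above (capture with dumpcap instead of the GUI, and keep the machine from sleeping), combined in one PowerShell script. This is an added example, not something posted in the thread; the install path, interface index, output folder and ring-buffer sizes are assumptions to adjust.

```powershell
# Added example: long-running capture with dumpcap while keeping Windows awake.
# Assumptions (not from the thread): install path, interface index, output folder,
# ring-buffer sizes. List the capture interfaces first with:  & $dumpcap -D
$dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'   # assumed default install path
$interface = '1'                                        # placeholder: index from "dumpcap -D"
$outDir    = 'D:\captures'                              # placeholder output folder
$outFile   = Join-Path $outDir 'wlan.pcapng'

# P/Invoke wrapper for the Win32 SetThreadExecutionState call.
Add-Type -Namespace Win32 -Name Power -MemberDefinition @'
[DllImport("kernel32.dll")]
public static extern uint SetThreadExecutionState(uint esFlags);
'@

# Flag values written in decimal because PowerShell reads the literal
# 0x80000000 as a negative Int32.
$ES_CONTINUOUS = [uint32]2147483648   # 0x80000000
$KEEP_AWAKE    = [uint32]2147483649   # ES_CONTINUOUS | ES_SYSTEM_REQUIRED (0x00000001)

if (-not (Test-Path $dumpcap)) { throw "dumpcap not found at $dumpcap" }
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

try {
    # Ask Windows not to enter idle sleep for as long as this script runs.
    # This does not block a sleep the user triggers (lid close, power button).
    $prev = [Win32.Power]::SetThreadExecutionState($KEEP_AWAKE)
    if ($prev -eq 0) { throw 'SetThreadExecutionState failed' }

    # Ring buffer: rotate every 100 MB (filesize is in kB) and keep the newest
    # 50 files, so disk use stays bounded and no GUI holds packets in memory.
    & $dumpcap -i $interface -b filesize:102400 -b files:50 -w $outFile
    Write-Host "dumpcap exited with code $LASTEXITCODE"
}
finally {
    # Clear the request so normal power management resumes.
    [void][Win32.Power]::SetThreadExecutionState($ES_CONTINUOUS)
}
```

dumpcap runs until it is stopped with Ctrl+C; if the capture files stop growing while the script is still running, the exit code and dumpcap's console output are the first things to check.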