
Capture Options Output After Time vs Time is Multiple of does not appear to work as expected

asked 2021-11-17 19:25:43 +0000

figment512

When selecting "after 10 seconds" I would expect a file to be generated every 10 seconds from the initial start time of the capture. When selecting "when time is a multiple of 10 seconds" I would expect a file to be generated on the 10s based on the system clock.

Currently Wireshark v3.4.9 won't let me select only "when time is a multiple of" as a valid single option, but defaults to that when attempting to restart a rolling capture after choosing "after 10 seconds". Also, choosing "after 10 seconds" appears to be using the system clock 10s interval instead of 10s from start of capture.

What am I missing or is this not working properly?


1 Answer


answered 2021-11-17 22:15:25 +0000

Chuckc

updated 2021-11-17 22:28:05 +0000

(Update: open issue exists)
16783 Multiple Files preference "Create new file automatically...after" [time] working incorrectly

Wireshark will call dumpcap to do the capture. (diagram here).
dumpcap doesn't allow duration and interval concurrently:

C:\>dumpcap -b duration:100 -b interval:30
dumpcap: Ring buffer requested, but capture isn't being saved to a permanent file.
dumpcap: Ring buffer file duration and interval can't be used at the same time.


There are two issues here that are worth opening a bug report on the Wireshark Gitlab issues page:
1. The gui should give a warning and prevent duration and interval both being picked.
2. The "when time is a multiple of" option is not connected in the gui which results in the pop-up error box.


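The two rotation rules discussed in this thread, modeled side by side as an added example (not code from Wireshark, dumpcap, or either poster). It assumes idealized timing: "duration" counts from capture start, "interval" fires when the clock is an exact multiple of the value. The function names and sample start time are hypothetical.

```python
# Added illustration: models the two rotation rules; it does not call dumpcap.

def rotation_times(mode, seconds, start, end):
    """Return the clock seconds in (start, end] at which a new file would begin.

    mode "duration": every `seconds` counted from the capture start.
    mode "interval": whenever the clock is an exact multiple of `seconds`.
    """
    if seconds <= 0:
        raise ValueError("seconds must be positive")
    if mode == "duration":
        first = start + seconds
    elif mode == "interval":
        first = (start // seconds + 1) * seconds
    else:
        raise ValueError(f"unknown mode: {mode}")
    return list(range(first, end + 1, seconds))


def check_ring_options(b_args):
    """Reject the combination dumpcap refuses: duration and interval together.

    b_args holds the values passed to repeated -b flags,
    e.g. ["duration:100", "files:5"]. Returns the option names seen.
    """
    keys = [arg.split(":", 1)[0] for arg in b_args]
    if "duration" in keys and "interval" in keys:
        raise ValueError("duration and interval can't be used at the same time")
    return keys


# Constructed sample: capture starts at 12:00:03, expressed as seconds since midnight.
START = 12 * 3600 + 3
END = START + 30

if __name__ == "__main__":
    for mode in ("duration", "interval"):
        offsets = [t - START for t in rotation_times(mode, 10, START, END)]
        print(f"{mode}: new file at +{offsets} s after start")
```

With a start at :03 past the minute, "duration" rotates 10, 20 and 30 seconds in, while "interval" rotates 7, 17 and 27 seconds in, which is the difference to look for in file timestamps when checking which rule a capture actually followed.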
