Ask Your Question
0

How can I stop dumpcap or tshark without any condition?

asked 2023-01-31 22:40:16 +0000

Aman gravatar image

Hi,

I am trying to setup a ring capture (of let's say 8gb) and stop it when I hit an event ID on a windows machine. I have to use a script so I will be using dumpcap or tshark (lightweight due to performance reasons) so I need to know If its possible to simply tell dumpcap or tshark to stop without any condition?

Below is what I will be doing to fire up the trace.

dumpcap -i 4 -b files:2 -b filesize:8000000 -w c:\temp\hello1.pcap

How should I stop it? I get to know the problem I am tracing via an event ID in the event viewer so I will be using a script to start and stop all the data collection process.......

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-01-31 23:10:47 +0000

cmaynard gravatar image

As I posted on Discord, ...

If you know the process ID of the running dumpcap instance, then you can use something like TASKKILL /F /PID %DUMPCAP_PID%; otherwise if you know you're only going to have a single instance running, you might be able to just get away with TASKKILL /F /IM DUMPCAP.EXE.

You may also want to take a look at the dumpcap.batfile I wrote and made available at https://gitlab.com/wireshark/wireshar..., as this batch file uses this exact method to kill dumpcap. Note that the batch file might not actually work anymore with the latest version of dumpcap since I wrote it so long ago and it's not something I actually use myself.

edit flag offensive delete link more

Comments

i can try that workaround but wondering why dumpcap or tshark simply doesn't allow us to stop it? unconditionally i mean

Aman gravatar imageAman ( 2023-01-31 23:18:13 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2023-01-31 22:40:16 +0000

Seen: 288 times

Last updated: Jan 31 '23