Hi, I need to take a USB trace for 7 days, but after some hours of trace capture, the tshark exe is closing without any exception. Please, can anyone help me solve this issue? Syntax:
tshark.exe -i 3 -b filesize:10000 -b files:3 -w <usbtracefilename>
Thanks in advance!
asked 31 May '17, 07:33 Pramod
One Answer:
Probably an out of memory error. Use dumpcap.exe for long-term captures.
Edit: Unfortunately dumpcap is (currently) unable to use USBpcap as a capture source, so this won't work.
answered 31 May '17, 07:38 grahamb ♦ edited 31 May '17, 10:12
Hi, thanks for the reply. Can you please provide the syntax for using dumpcap.exe?
Thanks in advance!
It should be the same. The man page is here, or use
dumpcap -?
Yes, I tried Dumpcap.exe but it is not displaying USB interfaces.
Please refer to the screenshot below.
Thanks in advance!
I wasn't aware that dumpcap doesn't support USBpcap. Wireshark\tshark use the extcap mechanism for alternate capture sources such as USBpcap; unfortunately dumpcap doesn't support that.
I can't offer any solution in this case apart from debugging the issue in tshark, even then the problem might be in usbpcap.
You could also raise an issue on the USBPcap GitHub site asking for support for ring buffers.
You can try capturing the USB traffic with USBPcapCMD.exe as explained here: http://desowin.org/usbpcap/tour.html
Then load the pcap in Wireshark (or if it is too big split it in chunks with editcap first).