First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

cannot stop capture

Running WireShark Version 4.2.5 on Windows Server, I started network capture but could not stop, because the option (capture>stop) got disabled when I tried to stop. With no workaround, I had to use Task Manager to end the wireshark task -- losing the (unsaved) traffic.

Can you suggest any work around, or some troubleshooting tips?

SteveL's avatar
1
SteveL
asked 2024-07-17 20:23:20 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

First of all, if you kill wireshark from the task manager, the running capture file still exists in the folder pointed to by Temp in the Folders tab of About Wireshark. So you will be able to retrieve the captured data.

When a capture can't be stopped, it is usually because of the traffic load, not sure if this is already reported as a bug, but I think it would qualify as one, you can file a bug report by opening an 'Issue' on https://gitlab.com/wireshark

Possible workarounds:

  • Make sure you use a capture filter to not capture traffic that you are not interested in
  • Add a stop condition to the capture so it will stop automatically
  • Disable update packet list while capturing in the capture options
  • Use dumpcap instead of Wireshark to do the capturing (my preferred option)
SYN-bit's avatar
18.5k
SYN-bit
answered 2024-07-18 11:09:46 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer