How can I stop dumpcap or tshark without any condition?

Hi,

I am trying to set up a ring capture (of, let's say, 8 GB) and stop it when I hit an event ID on a Windows machine. I have to use a script, so I will be using dumpcap or tshark (lightweight, for performance reasons), so I need to know if it's possible to simply tell dumpcap or tshark to stop without any condition?

Below is what I will be doing to fire up the trace.

dumpcap -i 4 -b files:2 -b filesize:8000000 -w c:\temp\hello1.pcap

How should I stop it? I get to know the problem I am tracing via an event ID in the Event Viewer, so I will be using a script to start and stop the whole data collection process.
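
One way to script the start and stop flow described in the question, as an added example that is not part of the original post and not Wireshark's own tooling. The dumpcap install path, the log name, the event ID and the polling and tail timings are assumptions or placeholders; the capture options are the ones from the question.

```powershell
# Added example. Path, log name, event ID and timings are assumptions, not from the post.
param(
    [string]$Dumpcap = 'C:\Program Files\Wireshark\dumpcap.exe', # assumed default install path
    [string]$LogName = 'System',  # placeholder: the log that carries the trigger event
    [int]   $EventId = 9999,      # placeholder: the event ID being traced
    [int]   $PollSec = 5,         # how often the event log is checked
    [int]   $TailSec = 10         # keep capturing briefly after the trigger is seen
)

# Same ring-buffer options as in the question.
$captureArgs = '-i 4 -b files:2 -b filesize:8000000 -w c:\temp\hello1.pcap'

# Only events logged after this point count as the trigger.
$started = Get-Date
$proc = Start-Process -FilePath $Dumpcap -ArgumentList $captureArgs `
                      -PassThru -WindowStyle Hidden

try {
    while ($true) {
        if ($proc.HasExited) {
            throw 'dumpcap exited before the trigger event was seen'
        }

        # Returns nothing (instead of raising an error) while no matching event exists.
        $hit = Get-WinEvent -FilterHashtable @{
                   LogName   = $LogName
                   Id        = $EventId
                   StartTime = $started
               } -MaxEvents 1 -ErrorAction SilentlyContinue

        if ($hit) {
            Write-Host "Trigger event $EventId logged at $($hit.TimeCreated)"
            Start-Sleep -Seconds $TailSec   # capture traffic that follows the event
            break
        }
        Start-Sleep -Seconds $PollSec
    }
}
finally {
    # Unconditional stop: runs on trigger, on error and on Ctrl+C of the script.
    if (-not $proc.HasExited) {
        Stop-Process -Id $proc.Id -Force
        $proc.WaitForExit()
    }
}
```

Stop-Process is a forced termination, so packets dumpcap had not yet written to disk may be missing from the end of the last file; the tail delay is there so the traffic around the event is already on disk before the stop.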