![]() tshark will continually update this file until you kill the capture. Once you've started this capture, you should be able to enter my_live_capture.pcapng You can write to a file like so: tshark -w my_live_capture.pcapng You may or may not have it installed, depending on your installation. Use tshark, the command line equivalent of Wireshark, instead. Set the capture file with Capture > Options > Capture to a permanent file. If you can replicate this bug, you may want to ask on. The behavior you describe where when Wireshark isn't the focused window, it doesn't write packets is not something that I can replicate on my Windows machine. Both solutions are included to give you more leeway in triggering your capture. You can set an output file with both Wireshark and tshark. Is there any way how to turn this off and make Wireshark not to buffer packet data but constantly writing them to file even if Wireshark itself isnt the main window on the screen ? ![]() This isn't good for me since I have to switch between my app and Wireshark everytime I want to see changes in file. Seems like everytime Wireshar is in the background, it doesnt changes file but somehow stores data into its internal buffer, and only when you focus on Wireshark app, it will flush all data into file. That works fine, but the problem is that Wireshark updates file only when you focus on Wireshark application - when you have it on your screen and it is your actual window that you are working with. I would like to read output files that Wireshark create while capturing USB packets (.pcap) and I would like to support live-reading, so basically when live capture changes output file (appends more data to it), my application will detect that file was changed and processes those additional data. ![]() I am using Wireshark 3.2.6 along with USBPcap.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |