Couple of clarifying questions first:
1. How much is being written to disk on the NetShark? Different models have different write-to-disk limits.
2. Are you using a Microflow index on the capture job?
3. What kind of filters are you applying (BPF, NetShark, Wireshark)?
4. How large is the capture job?
5. Are you able to post a screenshot of the capture job details?
6. How large is the time range you are applying?
7. Are you able to post any of your code?
Hi Leigh, thanks for responding. See below for my answers.
1. There is roughly 25 TB of packet captures being written to the disks. The total system capacity is 32 TB RAID0 on the CSK-03200 appliance.
2. Yes. Both microflow and a full packet capture are being performed.
3. NetShark filters are being applied.
4. 12 TB
6. Even a range as small as 10 seconds times out.
7. My code is using their example exactly, which can be found here.
The time filter '05/17/2017 04:00:50 to 04:01:10' can cover more than 24 hours if it is run on another day than '05/17/2017'. Another choice would be to use expressions such as "last 1 minute".
If that does not solve your problem, you can run your command to output more debug information as:
python download.py 10.x.x.x --jobname='SPAN 1' -u '<removed>' -p '<removed>' --filename=test.pcap \
    --timerange='05/17/2017 04:00:50 to 05/17/2017 04:01:10' --filter=ip.src="10.x.x.x" --rest-debug=1 --loglevel=debug
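A pre-flight check for the time-range pitfall described in the reply above, as an added example that is not code from the thread or from SteelScript. It uses a simplified model in which an endpoint given without a date is placed on the day the command runs, as the reply describes; the function names and the 5-minute limit are assumptions.

```python
from datetime import datetime, timedelta

FMT_FULL = "%m/%d/%Y %H:%M:%S"   # endpoint with an explicit date
FMT_TIME = "%H:%M:%S"            # endpoint with a time only

def resolve_endpoint(text, run_time):
    """Return (datetime, had_date). A time-only endpoint is placed on the
    day of run_time (assumed behaviour, per the reply above)."""
    text = text.strip()
    try:
        return datetime.strptime(text, FMT_FULL), True
    except ValueError:
        clock = datetime.strptime(text, FMT_TIME).time()
        return datetime.combine(run_time.date(), clock), False

def check_timerange(spec, run_time, max_span=timedelta(minutes=5)):
    """Resolve 'START to END' and list reasons not to send the export request."""
    start_txt, end_txt = spec.split(" to ", 1)
    start, start_dated = resolve_endpoint(start_txt, run_time)
    end, end_dated = resolve_endpoint(end_txt, run_time)
    problems = []
    if not (start_dated and end_dated):
        problems.append("endpoint without a date depends on the day the command runs")
    if end <= start:
        problems.append("end is not after start")
    elif end - start > max_span:
        problems.append("span %s exceeds limit %s" % (end - start, max_span))
    return start, end, problems

if __name__ == "__main__":
    # Constructed run times: the same spec on the capture day and two days later.
    spec = "05/17/2017 04:00:50 to 04:01:10"
    for run_time in (datetime(2017, 5, 17, 9, 0), datetime(2017, 5, 19, 9, 0)):
        start, end, problems = check_timerange(spec, run_time)
        print(run_time.date(), "->", end - start, problems)
```

Run on the capture day, the spec resolves to 20 seconds; run two days later, the same spec resolves to just over two days of the capture job.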