NMCAP.EXE talks too much.... RRS feed

  • Question

  • When starting nmcap.exe via the commandline after a short while it starts to produce output like the following:

    "Capturing   | Received: 0 Pending: 0 Saved: 0 Dropped: 0 | Time: 0 seconds."

    Does it have a switch to stop this? I could not find one.

    Thursday, March 8, 2012 4:01 PM

All replies

  • Hi Arno,

    There is no way to disable this output from the nmcap tool itself.  It will continually display new lines updating the status of the capture.

    Might I inquire to the reason why you don't want it to display?

    Another approach, would be to write a small capture program using our API, then you can control the console output yourself, but it may not be as effecient as just using nmcap itself.


    Michael Hawker | Program Manager | Network Monitor

    Friday, March 9, 2012 6:36 PM
  • Hi Michael,

    I am analizing an intermittent failure that is related to FTP-Transfers. So I do not know when it happens and I have no packet-signature of the error because it appears on the program level.

    So I use NMCap to run a  filtered capture for all IP-packets coming and going to a defined IP-address. I use NMCap because I can run it as a process in the background with chained tracefiles and a redirected output.

    This is exactly why I do not want any of this output. It just blows up the output-files without any useful information.

    Asides from this the setup works fine.


    Arno Bosch

    • Edited by Arno Bosch Monday, March 12, 2012 9:04 AM
    Monday, March 12, 2012 9:03 AM
  • You can also use the standard command method of getting rid of output.

    nmcap /network * /capture /file test312.cap > nul

    Of course, you'll lose information like dropped packets, but perhaps that's not important or relevant in your case.


    Monday, March 12, 2012 1:36 PM
  • Hi Paul,

    I already use that method. But I am interested in other program output like "is the program startet correct" or did it have a premature ending.

    By the way you should use something like

    nmcap /network * /capture /file test312.cap >nul 2>&1

    if you really want to get rid of all program output.


    Monday, March 12, 2012 1:47 PM
  • I think using the API is your best bet.  Like Michael mentioned, it may not be as performant as NMCap, but you'd have more flexibility in terms of what you display.  We do have a simple example that shows you how to write a program that captures in the help documentation.  It's fairly straight forward and we can help if you have issues.


    • Proposed as answer by Paul E Long Wednesday, March 14, 2012 2:06 PM
    Wednesday, March 14, 2012 2:06 PM
  • Hi Paul,

    that may be right but I do not want to program C++ or C#. VBScript oder Powershell should work too and would be acceptable but there are no examples (as usual).

    But Michael already answered my initial question with his statement that it is not possible to turn the output off. Althougt it would be nice if it would be possible to forward this as a kind of "enhancement-request" to development because I think that there are more people that use NMCAP as a background-monitoring-tool. And a switch to disable the status-output should be easy to implement.


    Thursday, March 15, 2012 9:16 AM
  • Yes, we can take this feedback and work it into the next version.  What we are planning is to expose via powershell, so you should have the control you want.  You could expose the current API via Powershell, but we haven't had a chance to work out any examples for you.  The following video discuss this at a high level and has some examples, but I think you'd still have to fill in some gaps.



    Thursday, March 15, 2012 1:59 PM