DePriest, Jason R. wrote:
> Use tshark instead (http://www.wireshark.org/docs/man-pages/tshark.html).
> Try
> -aduration:10800 (3 hours in seconds)
> For writing the results to a file, you can either redirect the output
> with '>' for decoded stuff or just use '-w' to write it out raw so you
> can open it with Wireshark later.

...and note that neither Wireshark nor TShark themselves have any
mechanism for *starting* them at a specified time.
However, the OS on which you're running it might, e.g. cron or at on
UN*Xes. I think there's some equivalent on Windows NT ("NT" meaning NT
4.0, 2000, XP, Server 2K3, Vista, and Server 2K8), but I don't know what
it is offhand.