Wireshark-users: Re: [Wireshark-users] Automate a Capture
From: <NMaio@xxxxxxxxxxxx>
Date: Thu, 20 Mar 2008 11:27:22 -0400
Thank you!

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Rob MacKenzie
Sent: Thursday, March 20, 2008 11:26 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Automate a Capture

The included tshark app will allow you to automate your captures. You can specify all the options you should need therein. You will need to use some sort of scheduler to start it at the time you want, but that shouldn't be an issue.

Use the -a option to tell it how long to go for, i.e.:

Tshark -a duration:7200

For 2 hours

As for multiple files, you can use the ringbuffer,

Tshark -b filesize:8192

For 8 meg files.

You will be able to open the output pcap file in Wireshark after. You are also not limited to Wireshark for capture, you can use any packet sniffer that can output a compatible pcap file. This way you can have more complex scheduling/filtering before Wireshark displays the data, especially if you write your own program to interface with winpcap or libpcap.

Cheers,
-Rob

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of NMaio@xxxxxxxxxxxx
Sent: March 20, 2008 11:16 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Automate a Capture

Is there a way to automate a Wireshark capture? For instance I need to capture traffic in the middle of the night but will not be able to kick off the capture in person. I would also like to use specific options like writing to multiple files so I do not exhaust the buffer. Wireshark is running on a Windows machine.

Thanks,
Nick

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
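
The approach described in the thread (tshark with -a duration and the -b ring buffer, started by a scheduler), as an added example that is not part of the original messages: a PowerShell script, run from an elevated prompt, that registers a one-time Windows scheduled task for the capture. The install path, interface number, output folder, start time, task name, the account used and the -b files:50 cap are assumptions.

```powershell
# Added example: schedule an unattended tshark ring-buffer capture on Windows.
# Assumed values (not from the thread): install path, interface number,
# output folder, start time, task name, account.
$Tshark    = 'C:\Program Files\Wireshark\tshark.exe'   # assumed default install path
$Interface = '1'                                        # assumed; list interfaces with: tshark -D
$OutDir    = 'C:\Captures'                              # assumed output folder
$StartAt   = (Get-Date).Date.AddDays(1).AddHours(2)     # assumed: 02:00 tomorrow
$TaskName  = 'NightlyTsharkCapture'                     # assumed task name

if (-not (Test-Path -LiteralPath $Tshark)) { throw "tshark not found at $Tshark" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# -a duration:7200  stop the capture after 2 hours (from the thread)
# -b filesize:8192  switch to a new file every 8192 kB (from the thread)
# -b files:50       keep only the newest 50 files so the disk cannot fill (added here)
# -w                base name; tshark appends a sequence number and timestamp per file
$TsharkArgs = @(
    '-i', $Interface,
    '-a', 'duration:7200',
    '-b', 'filesize:8192',
    '-b', 'files:50',
    '-w', "`"$OutDir\night.pcap`""
) -join ' '

$Action  = New-ScheduledTaskAction -Execute $Tshark -Argument $TsharkArgs
$Trigger = New-ScheduledTaskTrigger -Once -At $StartAt

# S4U lets the task run with nobody logged on and without storing a password.
# Assumption: this account is permitted to capture on the chosen interface.
$Principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" -LogonType S4U

Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Principal $Principal -Force | Out-Null

# Confirm the task exists and show when it will fire.
Get-ScheduledTask -TaskName $TaskName | Get-ScheduledTaskInfo |
    Select-Object TaskName, NextRunTime
```

The resulting files in the output folder open directly in Wireshark; restrict that folder's ACL, since the captures contain whatever traffic crossed the interface.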