Hi need to run Wireshark from a command line as follows if possible capture all packets with following options 1. IP name resolution 2. file capture directory c:capture 3. file size 100mb 4. 5 rolling files so when 5th one full goes back to number 1 thanks Steve asked 06 Dec '10, 04:39  steve_1 |
2 Answers:
Steve tshark is installed as part of wirehark and should perform what is needed. tshark -h prints the help I think this is pretty close to what you need.. (you need to check the available interfaces via the tshark -D command) tshark -f "port 53" -i 2 -b filesize:100 -b files:5 -w "c:capturedns-capture" Eric answered 06 Dec '10, 08:48  erics |
If you want to run Wireshark with certain options see this part of the Users's Guide. If you just want to capture (not dissect straight away) then go for dumpcap. answered 10 Dec '10, 04:12  Jaap ♦ |
