need to run Wireshark from a command line as follows if possible capture all packets with following options 1. IP name resolution 2. file capture directory c:capture 3. file size 100mb 4. 5 rolling files so when 5th one full goes back to number 1
asked 06 Dec '10, 04:39
tshark is installed as part of wirehark and should perform what is needed.
tshark -h prints the help
I think this is pretty close to what you need.. (you need to check the available interfaces via the tshark -D command)
tshark -f "port 53" -i 2 -b filesize:100 -b files:5 -w "c:capturedns-capture"
answered 06 Dec '10, 08:48