I would like to be able to have Wireshark do a capture at 0200 for approx 2 minutes to see where a 4MB stream is coming from. Is there a way to start and stop Wireshark at certain time of day? asked 07 Dec '10, 09:53  Mach One |
One Answer:
Sure: Schedule a 'dumpcap' job for 02:00 (method depending upon your OS: windows/at; linux/cron, etc). (Dumpcap is the Wireshark component which actually does a capture). See the dumpcap man pages for info on limiting the amount of data which is captured. answered 07 Dec '10, 10:36  Bill Meier ♦♦ |
