This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Delaying Capture

0

I would like to be able to have Wireshark do a capture at 0200 for approx. 2 minutes to see where a 4MB stream is coming from. Is there a way to start and stop Wireshark at a certain time of day?

asked 07 Dec '10, 09:53

Mach One
1112
accept rate: 0%


One Answer:

1

Sure: Schedule a 'dumpcap' job for 02:00 (method depending upon your OS: Windows/at; Linux/cron, etc.).

(Dumpcap is the Wireshark component which actually does a capture).

See the dumpcap man pages for info on limiting the amount of data which is captured.

answered 07 Dec '10, 10:36

Bill Meier ♦♦
3.2k1850
accept rate: 17%
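
The approach in the answer above, as an added example that is not part of the original post or of Wireshark itself: a wrapper script for cron that runs dumpcap with its autostop conditions. The interface name, output directory, size cap and install path are assumptions; the account running it needs capture privileges.

```shell
#!/bin/sh
# Added example: timed capture wrapper, started by cron at 02:00.
# Assumed values (not from the post): eth0, /var/tmp/captures, 100 MB cap.
IFACE="${IFACE:-eth0}"
OUTDIR="${OUTDIR:-/var/tmp/captures}"
DURATION="${DURATION:-120}"   # seconds; the question asks for about 2 minutes
MAX_KB="${MAX_KB:-102400}"    # safety net: stop early at this file size (kB)

# Succeed only for a non-empty string of digits, so a typo such as "2m"
# is rejected before dumpcap is started unattended.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the output path for a timestamp (YYYYmmdd-HHMMSS), so that each
# night's capture gets its own file instead of overwriting the last one.
capture_path() {
    printf '%s/capture-%s.pcapng\n' "$OUTDIR" "$1"
}

# Run one capture. "-a duration:N" and "-a filesize:N" are dumpcap autostop
# conditions; the capture ends as soon as either one is reached.
run_capture() {
    is_uint "$DURATION" || { echo "bad DURATION: $DURATION" >&2; return 2; }
    is_uint "$MAX_KB"   || { echo "bad MAX_KB: $MAX_KB" >&2; return 2; }
    umask 077                 # capture files hold payload data; keep them private
    mkdir -p "$OUTDIR" || return 1
    out=$(capture_path "$(date +%Y%m%d-%H%M%S)")
    dumpcap -i "$IFACE" -a "duration:$DURATION" -a "filesize:$MAX_KB" -w "$out"
}

# Capture only when called with "run", so the file can be sourced safely.
if [ "${1:-}" = "run" ]; then
    run_capture
fi

# crontab entry (assumed install path /usr/local/bin/timed-capture.sh):
#   0 2 * * * /usr/local/bin/timed-capture.sh run
```

To find the source of the stream afterwards, open the resulting file in Wireshark and sort Statistics > Conversations by bytes.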