This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to automatically save to the file?

0

I want to save result to a file automatically when start a new capture, but I don't want to set option each time, how i can do that?

asked 01 Jan '11, 02:50

jackydi's gravatar image

jackydi
1222
accept rate: 0%

One Answer:

1

If you drop out to a command line and do a "wireshark -h", it will give you all of the command line options.

For example:

wireshark -i 2 -k -b duration:20 -b filesize:100 -b files:10 -w paul.pcap

This sets the capture interface to interface 2 (-i 2), starts capturing immediatel (-k), sets a maximum file duration ring buffer option to 20 seconds (-b duration:20), a maximum ring buffer file size to 100KB (-b filesize:100), a maximum number of files saved to the last 10 (-b files:10), and an output basefile to paul.pcap.

answered 01 Jan '11, 07:19

Paul%20Stewart's gravatar image

Paul Stewart
3018
accept rate: 6%

Thank you for your answer, I mean when I click the 'start' button, it automatically creates a new pcap file, the file name format is a fixed prefix + date and time,eg. log20110125081112.pcap. thank you.

(25 Jan '11, 04:00) jackydi

wireshark -i 2 -b duration:20 -b filesize:1000 -b files:10 -w log.pcap

You can try the above. I'm away from my computer.

(25 Jan '11, 04:53) Paul Stewart