Hi, I use Wireshark version 1.8.4. Each time I would take a capture I enter Capture >> Options and change the default parameters of 'Capture files' like enable 'use multiple files' option, setting 'next file every 200M', browsing to a folder on Desktop where I want all the capture files to be saved at. Is there any way to save those parameters so each time I open the Wireshark and take a capture, it will be based on those settings? Thanks, Tal asked 05 Dec '12, 01:40  tal edited 05 Dec '12, 21:00  cmaynard ♦♦ |
2 Answers:
I recently was doing something somewhat similar. As Landi says you can save the capture filter, but you cannot save all the other parameters. So what I did was create a small shell script (batch file if you're on Windows). This is what I used (this was on Linux which supports the 'any' device): The "date +%m+%d" stuff substitutes (on Unix) the current date. I'm not sure how one could do that in DOS/Windows. The "-k" tells Wireshark to start capturing immediately upon startup. See the man page for any of the other options you don't know. answered 05 Dec '12, 07:46  JeffMorriss ♦ |
One very easy way to save certain filters is to click on the "Capture Filter" button right in front of the field where you enter your capture filter. In the upcoming dialogue you can "bookmark" or save often needed filters with a label of your own and by double-clicking on one of the list entries apply that filter. If you also want to avoid that step I suggest that you take a look at the dumpcap -h options, since over those you get the ability to completely configure the capture process via a command-line 1-liner, specifying everything you like e.g. by using a .bat or .cmd Batch Script
answered 05 Dec '12, 03:00  Landi edited 05 Dec '12, 03:04 |
