This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to save the capture options?

0

Hi,

I use Wireshark version 1.8.4.

Each time I take a capture, I go to Capture >> Options and change the default 'Capture files' parameters: enabling the 'use multiple files' option, setting 'next file every 200M', and browsing to a folder on the Desktop where I want all the capture files to be saved.

Is there any way to save those parameters so that each time I open Wireshark and take a capture, it will be based on those settings?

Thanks, Tal

asked 05 Dec '12, 01:40

tal

edited 05 Dec '12, 21:00

cmaynard


2 Answers:

2

I recently was doing something somewhat similar. As Landi says you can save the capture filter, but you cannot save all the other parameters. So what I did was create a small shell script (batch file if you're on Windows). This is what I used (this was on Linux which supports the 'any' device):

wireshark -B 10 -i any -f "not ip host A.B.C.D and not localhost" -k \
   -b filesize:10240 -w /path/to/my/captures/wireshark_`date +%m%d`

The "date +%m%d" stuff substitutes (on Unix) the current date. I'm not sure how one could do that in DOS/Windows.

The "-k" tells Wireshark to start capturing immediately upon startup. See the man page for any of the other options you don't know.

answered 05 Dec '12, 07:46

JeffMorriss

1

One very easy way to save certain filters is to click on the "Capture Filter" button right in front of the field where you enter your capture filter. In the upcoming dialogue you can "bookmark" or save often needed filters with a label of your own and by double-clicking on one of the list entries apply that filter.

If you also want to avoid that step, I suggest that you take a look at the dumpcap -h options, since with those you get the ability to completely configure the capture process via a command-line one-liner, specifying everything you like, e.g. by using a .bat or .cmd batch script.

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax

Output (files):
  -w <filename>            name of file to save (def: tempfile)
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                           files:NUM - ringbuffer: replace after NUM files

answered 05 Dec '12, 03:00

Landi

edited 05 Dec '12, 03:04
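
One way to keep the settings from the question in a script, combining the two answers above. This is an added example, not code from the thread; the CAP_* variables, DRY_RUN, to_kb and capture are assumed names. It converts the 200M size into the KB unit that -b filesize expects and writes the capture files owner-only.

```shell
#!/bin/sh
# Added example (not from the thread): keep the capture settings in one
# script instead of re-entering them in Capture >> Options.
# All CAP_* names, DRY_RUN, to_kb and capture are hypothetical.

CAP_IFACE="${CAP_IFACE:-1}"                     # name or index, as for -i
CAP_DIR="${CAP_DIR:-$HOME/Desktop/captures}"    # assumed folder
CAP_FILE_SIZE="${CAP_FILE_SIZE:-200M}"          # "next file every 200M"
CAP_FILTER="${CAP_FILTER:-}"                    # optional libpcap filter

# -b filesize:NUM is in KB, so convert 200M / 1G / 10240K / plain KB.
to_kb() {
    num=${1%[KkMmGg]}
    case $num in
        ''|*[!0-9]*) echo "bad size: $1" >&2; return 1 ;;
    esac
    case $1 in
        *[Gg]) echo $((num * 1024 * 1024)) ;;
        *[Mm]) echo $((num * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

capture() {
    kb=$(to_kb "$CAP_FILE_SIZE") || return 1
    if [ ! -d "$CAP_DIR" ]; then
        echo "no such directory: $CAP_DIR" >&2
        return 1
    fi
    set -- dumpcap -i "$CAP_IFACE" -b "filesize:$kb" \
        -w "$CAP_DIR/capture_$(date +%m%d)"
    if [ -n "$CAP_FILTER" ]; then
        set -- "$@" -f "$CAP_FILTER"
    fi
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$@"      # show the arguments, one per line
    else
        umask 077               # capture files hold raw traffic: owner-only
        "$@"
    fi
}

# Run as "script.sh start" to begin capturing.
case "${1:-}" in start) capture ;; esac
```

Setting DRY_RUN=1 prints the dumpcap arguments without starting a capture, which is a quick way to check the settings.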