Is there any way to make Wireshark capture packets automatically and save them in a file on startup of Windows? Kindly help me to fix this. Thanks.

asked 13 Nov '13, 03:17 bala92n
edited 13 Nov '13, 05:42 grahamb ♦
One Answer:
Yes. First, run Wireshark from a command line prompt by entering "wireshark -D" to get a list of interfaces (you can also use "dumpcap -D" if you want). Note the index of the interface you want to capture on. Next, create a batch file that contains the line
and put a shortcut to that link into your startup folder. That should do the trick. If you want to further customize the process (like setting a capture file name or other options) you can always run "wireshark -h" to get a list of all command line parameters.

answered 13 Nov '13, 03:29 Jasper ♦♦
edited 13 Nov '13, 03:30

That will only start the capture at some point during user login. To start the capture at Windows start-up an alternative will have to be employed, usually modifying Local Group Policy. (13 Nov '13, 05:43) grahamb ♦

Correct. It depends on what the definition of "startup of Windows" means :-) My solution requires a user to log in of course. (13 Nov '13, 08:43) Jasper ♦♦
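The comments above point out that a startup-folder shortcut only runs once a user logs in. As an added example (not from this thread or from the Wireshark project), a Scheduled Task with an at-startup trigger is one alternative to the Group Policy route mentioned; the install path, output folder, interface index, task name and ring-buffer sizes below are assumptions.

```powershell
# Added example: register a boot-time capture task. Run from an elevated prompt.
# Assumed values (not from the original thread): install path, output folder,
# interface index, task name and ring-buffer sizes.
$Dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'
$OutDir    = 'C:\Captures'
$Interface = 1                      # index as printed by "dumpcap -D"
$TaskName  = 'BootCapture'

if (-not (Test-Path $Dumpcap)) { throw "dumpcap not found at $Dumpcap" }

# Confirm the chosen index is really in the interface list
# (each line of "dumpcap -D" starts with "<index>. ").
$known = & $Dumpcap -D 2>&1 | ForEach-Object {
    if ("$_" -match '^(\d+)\.') { [int]$Matches[1] }
}
if ($known -notcontains $Interface) {
    throw "Interface $Interface is not listed by dumpcap -D"
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Ring buffer: rotate at about 100 MB (filesize is given in kB) and keep the
# newest 20 files, so an unattended capture cannot fill the disk.
$arguments = "-i $Interface -b filesize:102400 -b files:20 -w `"$OutDir\boot.pcapng`""

$action    = New-ScheduledTaskAction -Execute $Dumpcap -Argument $arguments
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
# Lift the default 72-hour execution limit and restart dumpcap if it exits.
$settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit ([TimeSpan]::Zero) `
                 -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force
```

The capture driver (WinPcap's NPF service or Npcap) must also be set to start at boot, otherwise dumpcap finds no interfaces when the task fires. Because the task runs as SYSTEM, restrict write access to the output folder and to the task definition to administrators.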
Why do you want to do that?
Are you trying to figure out if something (malware) sends data to the internet, or do you want to create a (kind of) automated network capture device, based on Windows?