This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Stop capture from commandline

0

Is it possible to stop wireshark capture from console? I have a script which starts wireshark capture using command "wireshark -i <interface> -k" I want to stop it from console later. As there is no fixed time between start and stop I can't use automatic stop options. tshark is not an option for me in this case and also starting wireshark capture with file save option isn't what I want.

So, if possible please tell me the steps needed or whether there is any workaround or not.

asked 04 Jun '14, 07:06

swap's gravatar image

swap
11556
accept rate: 0%


One Answer:

0

tshark is not an option for me in this case and also starting wireshark capture with file save option isn't what I want.

well, then your options are 'limited', not to say non existent. ;-))

Reason: You cannot tell a running instance of Wireshark to stop the capturing process. There is no such functionality.

What I don't understand: Why do you need to start Wireshark in GUI mode (interactive mode) and then automatically tell it to stop capturing. Can't you just ask the person in front of the PC to click on the "STOP capture icon"? If no: Can you please add some details why you need to have it in exactly that way?

If you are 'flexible', my suggestion would be:

Do one of the following:

Either:

  • start Wireshark as you did
  • then bring up a pop-up message (net send on windows or similar) and ask the user to click on the "STOP capture icon" in Wireshark

Or:

  • capture the traffic with dumpcap and write it to a file
  • If you want to stop the capturing process, kill the dumpcap process
  • start Wireshark with the saved capture file: wireshark -nr saved.pcap

Regards
Kurt

answered 05 Jun '14, 13:31

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%