This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can anybody help me to create a Wireshark batch file?

0

I need to create a bat file recording all data from two hosts (192.168.1.200 or 192.168.1.201) and:

  • store in subfolder (C:\CDR) as file name_date_starthour.txt
  • each 1Mb
  • start with Windows and restart after crash

Can someone help me?

My first bat:

wireshark -B 10 -i any -f "192.168.1.200 and 192.168.1.201" -k \ -b filesize:10240 -w E:\CDR\wireshark_date +%m%d

Not working (invalid argument: +d')

With hints from: https://ask.wireshark.org/questions/16576/how-to-save-the-capture-options

asked 01 Sep '14, 02:10

invoso

edited 01 Sep '14, 15:13

Guy Harris ♦♦


One Answer:

0

You don't need the "_date +%m%d" part at the end, because the -b parameter will add full date and time to the filename automatically. Try with "-w E:\CDR\wireshark.pcapng" at the end instead.

answered 01 Sep '14, 03:14

Jasper ♦♦

Wireshark returns: "you can't specify both a live capture and a capture file to be read"

Is it possible to run two different instances of Wireshark on one machine?

(01 Sep '14, 05:18) invoso

Yes, but you should use two dumpcap instances instead. Wireshark doesn't capture packets anyway; it starts a dumpcap process each time. See http://blog.packet-foo.com/2013/05/the-notorious-wireshark-out-of-memory-problem/

(01 Sep '14, 06:11) Jasper ♦♦

Why does Wireshark return: "you can't specify both a live capture and a capture file to be read"?

(01 Sep '14, 11:26) invoso
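
The answer's -b/-w advice and the dumpcap suggestion from the comments, combined into one batch file as an added example that is not part of the original thread: it captures traffic for either host into size-rotated files and restarts the capture if dumpcap exits. The install path, the interface index 1, the base name "capture" and the restart.log file are assumptions; list the real interface indexes with dumpcap -D.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumptions: default Wireshark install path, interface index 1
rem (check with "dumpcap -D"), output base name "capture".
setlocal
set "DUMPCAP=C:\Program Files\Wireshark\dumpcap.exe"
set "OUTDIR=C:\CDR"
set "IFACE=1"

if not exist "%OUTDIR%" mkdir "%OUTDIR%"

:capture
rem -i  interface to capture on (the "any" pseudo-interface is Linux-only)
rem -B  capture buffer size in MiB, as in the question
rem -f  capture filter in libpcap syntax: traffic to or from either host
rem -b  filesize:1024 starts a new file roughly every 1 MB (value is in kB)
rem -w  base name; with -b, dumpcap adds a file number and a timestamp
rem The command stays on one line: cmd.exe continues lines with ^, not \
"%DUMPCAP%" -i %IFACE% -B 10 -f "host 192.168.1.200 or host 192.168.1.201" -b filesize:1024 -w "%OUTDIR%\capture.pcapng"

rem Reached only when dumpcap has exited (error, crash or lost interface).
echo %DATE% %TIME% dumpcap exited with code %ERRORLEVEL%, restarting >> "%OUTDIR%\restart.log"

rem Wait about 5 seconds before restarting; ping is used as the delay
rem because it also works when no console is attached.
ping -n 6 127.0.0.1 >nul
goto capture
```

To start it with Windows, the script can be registered as a Task Scheduler task that triggers at system startup.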