Is there an option in Wireshark to run it between x:00 and y:00 every day? asked 24 Sep '14, 18:14  Santhosh Pal... |
One Answer:
Wireshark has no support for starting captures at a specified time. so you'll have to use the scheduler facilities of your OS (cron, scheduled tasks etc. as appropriate), but Wireshark can capture for a defined period of time once started. Note that you're also going to get better performance and less likelihood of running out of memory if you use dumpcap (which is what Wireshark actually uses under the covers) to make the captures. See the dumpcap man page for parameters, especially the -a option to limit the capture duration answered 25 Sep '14, 01:56  grahamb ♦ |
Sure... I can use dumpcap. I reviwed the man page and it talks about options. Is there any video or document with example on how to set this up?
There is the users guide which has info on starting Wireshark from the command line, and quite a few of the options are the same, e.g. for a 1 hour run you would use the option
-a duration:3600. You would have to provide other required options to make a capture, maybe Google would find something for you, e.g. I found this searching for "dumpcap options".