This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Start and Stop Capture automatically

0

Is there an option in Wireshark to run it between x:00 and y:00 every day?

asked 24 Sep '14, 18:14

Santhosh%20Pallikara's gravatar image

Santhosh Pal...
11223
accept rate: 0%


One Answer:

0

Wireshark has no support for starting captures at a specified time. so you'll have to use the scheduler facilities of your OS (cron, scheduled tasks etc. as appropriate), but Wireshark can capture for a defined period of time once started.

Note that you're also going to get better performance and less likelihood of running out of memory if you use dumpcap (which is what Wireshark actually uses under the covers) to make the captures. See the dumpcap man page for parameters, especially the -a option to limit the capture duration

answered 25 Sep '14, 01:56

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Sure... I can use dumpcap. I reviwed the man page and it talks about options. Is there any video or document with example on how to set this up?

(25 Sep '14, 11:03) Santhosh Pal...
1

There is the users guide which has info on starting Wireshark from the command line, and quite a few of the options are the same, e.g. for a 1 hour run you would use the option -a duration:3600. You would have to provide other required options to make a capture, maybe Google would find something for you, e.g. I found this searching for "dumpcap options".

(25 Sep '14, 11:15) grahamb ♦