I am trying to capture IP traffic to narrow down an issue. The PC gets rebooted daily so I have to start wireshark and set the capture to save a new file every hour. Is it possible to create a batch file that runs wireshark with the settings I need to capture and save a file every hour when Windows is started? asked 28 Oct '15, 08:13  Videocom JM |
One Answer:
Sure, but you should use dumpcap, not Wireshark as Wireshark (and tshark) will eventually run out of memory when capturing. You can see the command line options for dumpcap here, you'll need to use an option such as answered 28 Oct '15, 08:33  grahamb ♦ |
Thanks for the information. I setup a command and tested but I get an error "dumpcap: the file to which the capture would be saved <"qmaster.pcap"> could not be opened: No such file or directory." Below is the syntax I used, am I missing something?
dumpcap -i 2 -b files:24 -b duration:3600 -w qmaster.pcap
Thanks, Jason
Your syntax appears to be correct. The error is a permissions issue. Your command works for me, except when I try to run the command from the directory where the Wireshark executables are located (C:\Program Files\Wireshark, in my case), and then I get the same error you did.
If you're going to use the Wireshark command-line tools, put the Wireshark directory on your path so that you can run the executables from anywhere, and if you're using a Windows computer, save the output somewhere that is not under C:\Windows or C:\Program Files.