This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Configure Wireshark to generate a file in a specific format every day

0

I would like to configure Wireshark to generate a file in Visual Networks format every day. Is it possible? I just plan to launch Wireshark one time.

Thanks.

asked 12 May '16, 14:26

puertas12's gravatar image

puertas12
16337
accept rate: 0%

edited 12 May '16, 14:26

You mean start Wireshark once, and for it to create a new capture file every day?

(12 May '16, 15:16) grahamb ♦

That is exactly what I mean

(13 May '16, 03:41) puertas12

One Answer:

1

Firstly, for long term captures use dumpcap, as Wireshark will run out of memory at some point.

Next, have a look at dumpcap's -b duration:86400 ring buffer option to write a new file every day. note that this won't be synchronised to the exact start of the day, instead it will be 86400 seconds from when dumpcap is started.

Finally, dumpcap won't write the capture in the format you've requested "Visual Networks", use editcap to post process the capture file.

answered 13 May '16, 03:55

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

A more in-depth discussion, written by Jeremy Stretch, of what @grahamb suggests is at http://packetlife.net/blog/2011/mar/9/long-term-traffic-capture-wireshark/.

(13 May '16, 06:55) coloncm