The included tshark app will allow you to automate your captures. You can specify all the options you should need therein. You will need to use some sort of scheduler to start it at the time you want, but that shouldn't be an issue. Use the -a option to tell it how long to go for, i.e.: Tshark -a duration:7200 For 2 hours
As for multiple files, you can use the ringbuffer, Tshark -b filesize:8192 For 8 meg files. You will be able to open the output pcap file in Wireshark after. You are also not limited to Wireshark for capture, you can use any packet sniffer that can output a compatible pcap file. This way you can have more complex scheduling/filtering before Wireshark displays the data, especially if you write your own program to interface with winpcap or libpcap. Cheers, -Rob -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: March 20, 2008 11:16 AM To: wireshark-users@wireshark.org Subject: [Wireshark-users] Automate a Capture Is there a way to automate a wireshark capture. For instance I need to capture traffic in the middle of the night but will not be able to kick off the capture in person. I would also like to use specific options like writing to multiple files so I do not exhaust the buffer. Wireshark is running on a windows machine. Thanks, Nick _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users --------------------------------------------------------------------- This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
