Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-11-16 16:45:42 +0000

Chuckc gravatar image

POC - This WILL NOT WORK as written - tweak for your system.

Man page for dumpcap here

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp>type startcap.bat

dumpcap.exe -i 4 -b filesize:1000 -b files:5 -w C:\Users\admin\Documents\Wireshark\startup_capture\capfile


Requirements:

  1. dumpcap.exe in your path or specify full path to it in the batch file.
  2. Use dumpcap -D or tshark -D to determine which interface index to use with -i option.
  3. Review -b|--ring-buffer <capture ring buffer option> on dumpcap man page to configure for amount of capture needed on your system.
  4. Pick an appropriate place to save the capture files (-w option)