This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Command line option

0

I am running the following command line to capture large files but I would like the logs to be created in my log folder under the Wireshark folder

dumpcap -b files:10000 -b filesize:10000 -w logs.pcap

I have tried all sorts of option to make it create the file in that folder but nothing seems to work

This question is marked "community wiki".

asked 12 Mar '12, 04:15

DirtRider's gravatar image

DirtRider
1111
accept rate: 0%


2 Answers:

1

If I read your question correctly you want to have the files containing the captured data in a sub directory of your Wireshark installation directory? And I assume you're running Windows Vista or Windows 7? In that case you're not allowed to write to the "program files" folders since the UAC (User Access Control) settings probably denies access to it. You can disabled UAC, but I advise against it - times are dangerous, and Worms/BotNets/Viruses (Virii?) never sleep. Better rethink your capture strategy save the files to a folder that you are allowed to write to.

If I'm not assuming the correct OS environment you'll need to elaborate ;-)

answered 12 Mar '12, 04:51

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 12 Mar '12, 04:52

(Converted to a comment in keeping with the format of ask.wireshark.org; Please see the FAQ).

Ok not to worry I set it as this and it now works, thanks for the help. Made up a small bat file to run

ECHO OFF
MKDIR c:\\IPECS_Log
dumpcap -b files:10000 -b filesize:10000 -w C:\\IPECS_Log\\ipecs.pcap
ECHO ON
(12 Mar '12, 05:28) DirtRider

0

What is your OS? On Windows putting the path in the -w option works for me:

dumpcap.exe -i 2 -b files:1000 -b filesize:1000 -w C:\temp\caps\log.pcap

I get multiple files in the the C:\temp\caps directory.

answered 12 Mar '12, 04:45

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 12 Mar '12, 04:53

It will be both Win7 and XP, I cannot get it to make it in the correct folder

dumpcap -b files:10000 -b filesize:10000 -w C:\\Program Files\\Wireshark\\ipecslog\\ipecs.pcap

It now makes a file in the root of c:

Program_00001_20120312125745

(12 Mar '12, 05:01) DirtRider

As Jasper mentioned in his answer you don't normally have write access to the Program Files directory on Win 7. Create a directory somewhere else, e.g. C:\temp\caps and try that.

(12 Mar '12, 05:05) grahamb ♦