Use dumpcap (part of the Wireshark suite) on the command line to set up a capture into a set of capture files (so that you don't end up with one huge unworkable file).

Use dumpcap -D to list your network interfaces and select the number (e.g. 2) for the interface that is connected to the internet and put that after the -i parameter below:

dumpcap -i 2 -w path\to\capture\file -b duration:3600 -f "port 443 and (host a.b.c.d or host e.f.g.h or host i.j.k.l)"

Replace path\to\capture\file with the location where you want the captures to go, e.g. your user's Documents directory, and use the real IPs of the server sites.

Use Ctrl + C to terminate the capture. The -b option given creates a new capture file each hour.
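
An added example, not part of the original answer: a Python helper that builds the capture filter and the dumpcap argument list shown above from a list of server IPs, rejecting anything that is not an IP literal so a typo or a stray hostname never reaches the filter. The function names, the sample addresses (documentation ranges) and the output path are assumptions.

```python
import ipaddress


def build_capture_filter(servers, port=443):
    """Return a capture filter of the form used above:
    port <port> and (host A or host B ...)."""
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    terms = []
    for entry in servers:
        # ip_address() raises ValueError for hostnames, CIDR ranges, typos
        addr = ipaddress.ip_address(entry.strip())
        term = f"host {addr}"
        if term not in terms:  # drop duplicates, keep the given order
            terms.append(term)
    if not terms:
        raise ValueError("at least one server address is required")
    return f"port {int(port)} and ({' or '.join(terms)})"


def build_dumpcap_args(interface, out_file, servers, rotate_seconds=3600):
    """Return the argument list for the dumpcap command in the answer.
    Passing a list (not one string) to subprocess avoids shell quoting
    problems with the parentheses and spaces in the filter."""
    return [
        "dumpcap",
        "-i", str(interface),
        "-w", out_file,
        "-b", f"duration:{int(rotate_seconds)}",  # new file every N seconds
        "-f", build_capture_filter(servers),
    ]


if __name__ == "__main__":
    # Constructed sample values: documentation-range addresses, assumed path.
    sample_servers = ["192.0.2.10", "198.51.100.7", "2001:db8::1"]
    args = build_dumpcap_args(2, r"C:\captures\tls.pcapng", sample_servers)
    print(args)
    # To start the capture: subprocess.run(args, check=True)
```
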