Something needs to be running to continuously capture, but using Wireshark itself isn't a good idea as it isn't necessary and will likely run out of memory.

Wireshark invokes the command line utility dumpcap to perform the capture and write the traffic to a disk file. Among the options are the interfaces to be captured from and how to write the output: to a single enormous file, or to multiple files delimited by time, size or packet count.

Note that capturing for a long period may generate a large amount of traffic so ensure the location for the capture file(s) has plenty of space.

Good luck on reviewing all that traffic on your return.
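
An added example, not part of the original answer: a shell wrapper that runs dumpcap on its own with a size-delimited ring of files and refuses to start unless the capture directory can hold the whole ring. The interface name, directory, file size and file count are assumed placeholder values.

```sh
#!/bin/sh
# Added example, not from the original answer. IFACE, OUT_DIR, FILE_KB and
# FILE_COUNT are assumed placeholder values; adjust for your host.
IFACE="${IFACE:-eth0}"
OUT_DIR="${OUT_DIR:-/var/tmp}"
FILE_KB="${FILE_KB:-102400}"     # rotate to a new file at about 100 MB
FILE_COUNT="${FILE_COUNT:-50}"   # ring size: the oldest file is deleted after 50

# Approximate worst-case disk use of the ring in kB: file count * file size.
ring_budget_kb() {
    echo $(( $1 * $2 ))
}

# Free space, in 1024-byte blocks, on the filesystem holding directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# Succeed only if directory $1 has at least $2 kB free.
has_room() {
    avail=$(free_kb "$1")
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# Run dumpcap directly (no Wireshark GUI) with a size-delimited ring buffer.
# dumpcap adds a sequence number and timestamp to each file name.
start_ring_capture() {
    exec dumpcap -i "$1" -b "filesize:$3" -b "files:$4" -w "$2/capture.pcapng"
}

# Capture only when asked to, so the functions above can be sourced and checked.
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    need=$(ring_budget_kb "$FILE_COUNT" "$FILE_KB")
    if has_room "$OUT_DIR" "$need"; then
        start_ring_capture "$IFACE" "$OUT_DIR" "$FILE_KB" "$FILE_COUNT"
    else
        echo "only $(free_kb "$OUT_DIR") kB free in $OUT_DIR, ring needs $need kB" >&2
        exit 1
    fi
fi
```

Start it with `RUN_CAPTURE=1`. If the files are delimited by time (`-b duration:` in seconds) instead of size, the per-file size is no longer bounded and the space check above does not apply.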