 | 1 | initial version |
Your best bet is to capture external to the machine so you catch all the traffic when it comes up, with no dependence on the order at which capture is started and the interface comes up.
I think netsh will do a startup capture, too, but still prefer external for cases like this.
| | 2 | No.2 Revision |
Your best bet Edit: per the comment, since this PC is to capture external to the machine so you catch all destination of a mirror port, capturing on boot is a reasonable requirement. However, using Wireshark is probably the traffic when it comes up, with no dependence on wrong tool for this - check out dumpcap (see https://packetlife.net/blog/2011/mar/9/long-term-traffic-capture-wireshark/) for the order at which capture is started and the interface comes up. discussion.
I think netsh will do a The issue of startup capture, too, but still prefer external for cases like this.was discussed here some time ago:
https://osqa-ask.wireshark.org/questions/26932/capture-packets-on-startup-automatically/
