2 | No.2 Revision |
I'm using Dumpcap and Windows "Schedule Tasks" to do this.
You can define the triggers in the task according to your needs (e.g. run on startup and for 3 hours only).
The command is the path to dumpcap.exe (e.g. C:\Program Files\Wireshark\dumpcap.exe).
The argument defines the capture filter (-f), the adapter (-i), the filename and location (-w), count and max. size of each file (-b), capture duration (-a duration:xxxx).
Example:

-i "NAME_OF_LAN_CONNECTION" -f "(host IP_OF_LDAP_SERVER or host IP_OF_DNS_SERVER) and (port 389 or 53)" -w "C:\Temp\%COMPUTERNAME%.pcap" -a duration:10800
This will capture all DNS and LDAP traffic to/from the defined hosts. The capture will run 10,800 seconds / 3 hr and write the data to C:\Temp.
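The same setup, scripted end to end, as an added example (not part of the original answer): it registers the Scheduled Task from PowerShell instead of the GUI, builds the dumpcap argument string from the -i/-f/-w/-b/-a options described above, and adds a ring buffer so a three-hour capture cannot fill the disk. The adapter name, the two server IPs, the task name and the 10 x 100 MB ring-buffer size are assumptions; replace them with your own values.

```powershell
# Added example, not from the original answer. Registers a Scheduled Task that
# runs dumpcap at startup for three hours, capturing only DNS and LDAP traffic
# to/from the named servers. Interface name and server IPs below are placeholders.

$Dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'
$Interface = 'Ethernet'        # assumed adapter name; list adapters with:  & $Dumpcap -D
$LdapIp    = '192.0.2.10'      # placeholder (RFC 5737 documentation range)
$DnsIp     = '192.0.2.53'      # placeholder
$OutDir    = 'C:\Temp'
$Hours     = 3

if (-not (Test-Path $Dumpcap)) { throw "dumpcap not found at $Dumpcap" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Capture filter (BPF syntax): only these two hosts, only LDAP (389) and DNS (53).
# "port" matches both TCP and UDP, so DNS over TCP and UDP are both kept.
$Filter = "(host $LdapIp or host $DnsIp) and (port 389 or port 53)"

# Output file named after the machine (expanded now, so the task does not rely on
# %COMPUTERNAME% expansion at run time). Ring buffer: 10 files x 100 MB (-b takes KB).
$OutFile  = Join-Path $OutDir "$env:COMPUTERNAME.pcap"
$Duration = $Hours * 3600
$Arguments = @(
    '-i', "`"$Interface`"",
    '-f', "`"$Filter`"",
    '-w', "`"$OutFile`"",
    '-b', 'filesize:102400',
    '-b', 'files:10',
    '-a', "duration:$Duration"
) -join ' '

$Action    = New-ScheduledTaskAction -Execute $Dumpcap -Argument $Arguments
$Trigger   = New-ScheduledTaskTrigger -AtStartup
# dumpcap needs capture privileges; SYSTEM avoids storing a user password in the task.
$Principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
# Hard stop one hour after the capture should have ended; never start a second copy.
$Settings  = New-ScheduledTaskSettingsSet -ExecutionTimeLimit (New-TimeSpan -Hours ($Hours + 1)) `
                                          -MultipleInstances IgnoreNew

Register-ScheduledTask -TaskName 'Capture-DNS-LDAP' -Action $Action -Trigger $Trigger `
    -Principal $Principal -Settings $Settings -Force | Out-Null

# The pcaps contain LDAP queries (account and group names, DNs), so limit who can
# read the capture directory to SYSTEM and local Administrators.
icacls $OutDir /inheritance:r /grant:r 'SYSTEM:(OI)(CI)F' 'Administrators:(OI)(CI)F' | Out-Null

Get-ScheduledTask -TaskName 'Capture-DNS-LDAP' | Select-Object TaskName, State
```

Run it once from an elevated PowerShell; afterwards the task can be started on demand with Start-ScheduledTask -TaskName 'Capture-DNS-LDAP' to confirm that files appear in C:\Temp before relying on the startup trigger. With -b in play, dumpcap appends a file number and timestamp to the -w name, so expect several files per run rather than one.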