 | 1 | initial version |
First of all for continuously capturing it is better to launch dumpcap, with ringbuffer option(s), instead of Wireshark. The files created by dumpcap or tshark can be read by Wireshark of course.
The problem is that when you start Wireshark, with capture options, from a Windows command prompt or .cmd batch file the console output of Wireshark remains linked to the console or cmd.exe, outputting "[Capture MESSAGE]" messages. So when you close it, it will trigger Wireshark to stop too.
To detach, close stdin/stdout/stderr by adding < NUL > NUL 2> NUL to the command line.
By the way: for a finer control of launching a GUI process from the Windows command prompt or .cmd batch file use the start command (like minimized window, alternate priority).
But why not create a shortcut in shell:startup with your command line (without 'cmd /c') as 'target' instead?
If you want to start capturing during boot, or capture as much as possible during reboot, then take a look at the netsh trace command.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
