Ask Your Question
0

Start wireshark by command line [closed]

asked 2019-09-11 00:04:26 +0000

Billy Le gravatar image

Hello everyone, I need help with starting Wireshark by a command line.

wireshark -i "Ethernet 6" -a filesize:100000 files:C:\TEMP\User

when Wireshark started, I got an error file "User" does not exists.

TIA

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Billy Le
close date 2019-09-12 00:40:56.775284

add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-09-11 21:22:47 +0000

Ross Jacobs gravatar image

updated 2019-09-11 21:24:08 +0000

Hi Billy,

As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:

tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'

This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds. This is the listing I get for the above command:

PS C:\> ls C:\TEMP


    Directory: C:\TEMP


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/11/2019   2:20 PM            348 User_00001_20190911142016
-a----        9/11/2019   2:20 PM            348 User_00002_20190911142021
-a----        9/11/2019   2:20 PM          21188 User_00003_20190911142028
-a----        9/11/2019   2:20 PM            920 User_00004_20190911142034
-a----        9/11/2019   2:20 PM           7936 User_00005_20190911142039
edit flag offensive delete link more

Comments

Thank you Ross Jacobs and bubbasnmp for your answer

below is an example of what I use to launch WireShark wireshark -i "Ethernet 6" -a filesize:100000 -b files:10 -w C:\temp\user -N mnt -k

Billy Le gravatar imageBilly Le ( 2019-09-12 00:40:38 +0000 )edit
add a comment
0

answered 2019-09-11 03:48:52 +0000

Chuckc gravatar image

It helps if you include the information from "Help->About Wireshark" or "wireshark -v". (I'm assuming Windows due to the interface name and reverse backslash in the file path.)

Looks like you need to check the options list.

  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files

Were you looking to specify a location to save the capture files in?

edit flag offensive delete link more
add a comment

Question Tools

subscribe to rss feed

Stats

Asked: 2019-09-11 00:04:26 +0000

Seen: 441 times

Last updated: Sep 11 '19

Related questions

Wireshark 2.4.1 GTK Crash on long run

Why redirection of VoIP calls to voicemail fails?

Capture incoming packets from remote web server

How do I get and display packet data information at a specific byte from the first byte?

Client is waiting for FIN flag from server for 30 sec

wifi disconnects as wireshark starts

How do I add "child item" to an item in the subtree?

What is the syntax for wireshark custom column

Getting error MSB4018 when trying to build wireshark sources

Monitoring UDP data on wireshark shows ARP packet