Ask Your Question
0

Start wireshark by command line [closed]

asked 2019-09-11 00:04:26 +0000

Billy Le gravatar image

Hello everyone, I need help with starting Wireshark by a command line.

wireshark -i "Ethernet 6" -a filesize:100000 files:C:\TEMP\User

when Wireshark started, I got an error file "User" does not exists.

TIA

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Billy Le
close date 2019-09-12 00:40:56.775284

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-09-11 21:22:47 +0000

Ross Jacobs gravatar image

updated 2019-09-11 21:24:08 +0000

Hi Billy,

As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:

tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'

This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds. This is the listing I get for the above command:

PS C:\> ls C:\TEMP


    Directory: C:\TEMP


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/11/2019   2:20 PM            348 User_00001_20190911142016
-a----        9/11/2019   2:20 PM            348 User_00002_20190911142021
-a----        9/11/2019   2:20 PM          21188 User_00003_20190911142028
-a----        9/11/2019   2:20 PM            920 User_00004_20190911142034
-a----        9/11/2019   2:20 PM           7936 User_00005_20190911142039
edit flag offensive delete link more

Comments

Thank you Ross Jacobs and bubbasnmp for your answer

below is an example of what I use to launch WireShark wireshark -i "Ethernet 6" -a filesize:100000 -b files:10 -w C:\temp\user -N mnt -k

Billy Le gravatar imageBilly Le ( 2019-09-12 00:40:38 +0000 )edit
0

answered 2019-09-11 03:48:52 +0000

bubbasnmp gravatar image

It helps if you include the information from "Help->About Wireshark" or "wireshark -v". (I'm assuming Windows due to the interface name and reverse backslash in the file path.)

Looks like you need to check the options list.

  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files

Were you looking to specify a location to save the capture files in?

edit flag offensive delete link more

Question Tools

Stats

Asked: 2019-09-11 00:04:26 +0000

Seen: 62 times

Last updated: Sep 11