Start wireshark by command line [closed]

asked 2019-09-11 00:04:26 +0000

Hello everyone, I need help with starting Wireshark by a command line.

wireshark -i "Ethernet 6" -a filesize:100000 files:C:\TEMP\User

When Wireshark started, I got an error: file "User" does not exist.


2 Answers

answered 2019-09-11 21:22:47 +0000

updated 2019-09-11 21:24:08 +0000

Hi Billy,

As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:

tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'

This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds. This is the listing I get for the above command:

PS C:\> ls C:\TEMP

    Directory: C:\TEMP

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        9/11/2019   2:20 PM            348 User_00001_20190911142016
-a----        9/11/2019   2:20 PM            348 User_00002_20190911142021
-a----        9/11/2019   2:20 PM          21188 User_00003_20190911142028
-a----        9/11/2019   2:20 PM            920 User_00004_20190911142034
-a----        9/11/2019   2:20 PM           7936 User_00005_20190911142039

Thank you Ross Jacobs and bubbasnmp for your answer.

Below is an example of what I use to launch Wireshark:

wireshark -i "Ethernet 6" -a filesize:100000 -b files:10 -w C:\temp\user -N mnt -k

Billy Le ( 2019-09-12 00:40:38 +0000 )

answered 2019-09-11 03:48:52 +0000

It helps if you include the information from "Help->About Wireshark" or "wireshark -v". (I'm assuming Windows due to the interface name and reverse backslash in the file path.)

Looks like you need to check the options list.

  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files

Were you looking to specify a location to save the capture files in?
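
The mistake discussed in this thread (a path given where `files:` expects a number, and a condition with no `-a` in front of it) can be caught before launching a capture. The following is an added example, not part of the original posts or of Wireshark itself: `check_autostop` is a hypothetical helper that knows only the three `-a` conditions from the options excerpt above and assumes NUM is a whole number.

```python
import re

# Conditions from the "-a <autostop cond.>" excerpt quoted above: name -> unit of NUM.
AUTOSTOP = {"duration": "seconds", "filesize": "KB", "files": "files"}
COND_RE = re.compile(r"([a-z]+):(.*)", re.DOTALL)


def check_autostop(argv):
    """Return [(index, token, [problems])] for -a conditions that will not parse.

    argv must already be split into arguments (as the shell hands them over),
    so Windows paths keep their backslashes.
    """
    findings = []
    for i, tok in enumerate(argv):
        prev = argv[i - 1] if i else ""
        m = COND_RE.fullmatch(tok)
        name, value = (m.group(1), m.group(2)) if m else (None, None)
        after_a = prev == "-a"
        # Only look at values of -a, plus stray tokens that look like a known
        # condition. Values of -b (ring buffer) are left alone.
        if not after_a and (name not in AUTOSTOP or prev == "-b"):
            continue
        problems = []
        if not after_a:
            problems.append("not preceded by -a")
        if name not in AUTOSTOP:
            problems.append("unknown autostop condition")
        elif not re.fullmatch(r"[0-9]+", value):
            problems.append(
                f"{name}:NUM expects a number ({AUTOSTOP[name]}), got {value!r}")
        if problems:
            findings.append((i, tok, problems))
    return findings


if __name__ == "__main__":
    # Constructed argument lists mirroring the commands quoted in this thread.
    question = ["wireshark", "-i", "Ethernet 6", "-a", "filesize:100000",
                r"files:C:\TEMP\User"]
    answer = ["tshark", "-a", "filesize:100000", "-a", "files:5",
              "-b", "duration:5s", "-w", r"C:\TEMP\User"]
    for argv in (question, answer):
        print(argv[0], check_autostop(argv) or "ok")
```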

