
How to start Wireshark by itself and capture logs every time Windows 10 starts up

asked 2020-11-16 08:00:07 +0000

hijashmk

How do I make Wireshark run automatically during Windows 10 startup? I need to capture logs in stations and there might be a chance of power; it would be helpful if I got a solution for this.

Windows 10 enterprise


1 Answer


answered 2020-11-16 16:45:42 +0000

Chuckc

POC - This WILL NOT WORK as written - tweak for your system.

Man page for dumpcap here

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp>type startcap.bat

dumpcap.exe -i 4 -b filesize:1000 -b files:5 -w C:\Users\admin\Documents\Wireshark\startup_capture\capfile


  1. dumpcap.exe in your path or specify full path to it in the batch file.
  2. Use dumpcap -D or tshark -D to determine which interface index to use with -i option.
  3. Review -b|--ring-buffer <capture ring buffer option> on dumpcap man page to configure for amount of capture needed on your system.
  4. Pick an appropriate place to save the capture files (-w option)


netsh can also be configured to capture at OS startup, e.g. see here. Captures made with netsh will have to be converted using the etl2pcapng utility.

grahamb ( 2020-11-16 17:13:53 +0000 )
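
The StartUp folder used in the answer runs its batch file when a user logs on; where the capture has to begin at boot with nobody logged in (for example after a power cycle), a scheduled task with an at-startup trigger is one alternative. The script below is an added example, not part of the original answer, meant for an elevated PowerShell prompt; the dumpcap path, output directory and task name are assumptions, and interface index 4 is the answer's placeholder.

```powershell
# Added example. Adjust the assumed values below for each host.
$Dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'  # assumed default install path
$Interface = '4'                                       # placeholder index; check with: dumpcap -D
$OutDir    = 'C:\Captures\startup_capture'             # hypothetical output directory
$TaskName  = 'StartupCapture'                          # hypothetical task name

if (-not (Test-Path -LiteralPath $Dumpcap)) {
    throw "dumpcap.exe not found at $Dumpcap"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Capture files hold raw network traffic, so limit the directory to
# LocalSystem (S-1-5-18) and the local Administrators group (S-1-5-32-544).
icacls $OutDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Same ring buffer as the answer: 5 files of 1000 kB each, oldest overwritten.
$DumpcapArgs = "-i $Interface -b filesize:1000 -b files:5 -w `"$OutDir\capfile.pcapng`""

$Action    = New-ScheduledTaskAction -Execute $Dumpcap -Argument $DumpcapArgs
$Trigger   = New-ScheduledTaskTrigger -AtStartup
$Principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# The default execution time limit would stop a long capture; zero disables it.
# The battery switches keep the task running on laptops and UPS-backed stations.
$Settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
                 -ExecutionTimeLimit ([TimeSpan]::Zero) `
                 -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1)

Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger `
    -Principal $Principal -Settings $Settings -Force | Out-Null

# Confirm the registration; the capture starts at the next boot,
# or immediately with: Start-ScheduledTask -TaskName $TaskName
Get-ScheduledTask -TaskName $TaskName | Select-Object TaskName, State
```

Each run of dumpcap starts a new ring of files, so size the volume for more than one ring if the station reboots often.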



Asked: 2020-11-16 08:00:07 +0000

Seen: 919 times

Last updated: Nov 16 '20