How to start Wireshark by itself and capture logs every time Windows 10 starts up

asked 2020-11-16 08:00:07 +0000

How to make Wireshark run automatically during Windows 10 startup? I need to capture logs in stations and there might be a chance of power; it would be helpful if I got a solution for this.

Windows 10 enterprise

answered 2020-11-16 16:45:42 +0000

Chuckc

POC - This WILL NOT WORK as written - tweak for your system.

Man page for dumpcap here

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp>type startcap.bat

dumpcap.exe -i 4 -b filesize:1000 -b files:5 -w C:\Users\admin\Documents\Wireshark\startup_capture\capfile


  1. dumpcap.exe in your path or specify full path to it in the batch file.
  2. Use dumpcap -D or tshark -D to determine which interface index to use with -i option.
  3. Review -b|--ring-buffer <capture ring buffer option> on dumpcap man page to configure for amount of capture needed on your system.
  4. Pick an appropriate place to save the capture files (-w option)

netsh can also be configured to capture at OS startup, e.g. see here. Captures made with netsh will have to be converted using the etl2pcapng utility.

grahamb ( 2020-11-16 17:13:53 +0000 )
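
The four steps from the answer combined into one PowerShell startup script, as an added example that is not part of the original answer or comment. The install path, capture folder and adapter name are assumptions; looking the index up by adapter name on each boot and restricting the folder ACL are additions here, since the number shown by `dumpcap -D` can change when adapters are added or removed and capture files hold sensitive traffic.

```powershell
# Added example (not from the original answer). Values marked "assumed" are
# placeholders to adjust for your system.
$dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'  # assumed install path
$outDir    = 'C:\Captures\startup_capture'             # assumed capture folder
$ifaceName = 'Ethernet'                                # assumed adapter name

# Step 1: use the full path so the script does not depend on PATH.
if (-not (Test-Path -LiteralPath $dumpcap)) {
    throw "dumpcap.exe not found at $dumpcap"
}

# Step 2: resolve the interface index from "dumpcap -D" by adapter name.
# Lines look like: 4. \Device\NPF_{GUID} (Ethernet)
$pattern = '^(\d+)\.\s.*\(' + [regex]::Escape($ifaceName) + '\)\s*$'
$match = & $dumpcap -D | Select-String -Pattern $pattern | Select-Object -First 1
if (-not $match) {
    throw "No capture interface named '$ifaceName' in dumpcap -D output"
}
$index = $match.Matches[0].Groups[1].Value

# Step 4: create the capture folder and limit access to the current user,
# SYSTEM (S-1-5-18) and local Administrators (S-1-5-32-544).
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
& icacls.exe $outDir /inheritance:r /grant:r "*${me}:(OI)(CI)F" `
    '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null

# Step 3: ring buffer as in the answer: 5 files, each rotated at 1000 kB,
# so the capture cannot fill the disk. The -w path is quoted for spaces.
$capFile = Join-Path $outDir 'capfile'
$dumpcapArgs = @('-i', $index, '-b', 'filesize:1000', '-b', 'files:5',
                 '-w', "`"$capFile`"")
Start-Process -FilePath $dumpcap -ArgumentList $dumpcapArgs -WindowStyle Hidden
```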


