How can I capture data after start of the computer
Hi, I am trying to analyze data with the help of the statistics from a computer after the moment the computer is connected to the network. How can I do that?
If your computer uses Windows OS, you can fulfill your requirement with a scheduled task. Create a new task with the condition "Run on computer start" and run tshark to capture the traffic.
Example: tshark -i 1 -w C:\Temp\FILE.pcapng
This will start a permanent capture on interface ID 1 and save it to C:\Temp\FILE.pcapng, regardless of whether the interface is up or not. You can view all interface IDs of your computer with "tshark -D". If you do not need the payload of the packets, you can add "-s 100" to the command. This will reduce the packet capture to 100 bytes for each packet. That should be enough for statistical purposes. For a long-term capture I would suggest using the ring buffer option. "-b filesize:100000 -b files:100" will create 100 files with 100 MB of data each.
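The scheduled task described in the answer above can also be registered from an elevated PowerShell prompt. This is an added example, not part of the original answer; the tshark install path and the task name `BootCapture` are assumptions, while the interface ID, output file and capture options are the ones given in the answer.

```powershell
# Added example: register a boot-time tshark capture as a scheduled task.
# Run from an elevated PowerShell prompt.

# Assumptions (not from the original answer): default Wireshark install
# path and a hypothetical task name.
$tshark   = 'C:\Program Files\Wireshark\tshark.exe'
$taskName = 'BootCapture'

# Values from the answer: interface ID 1 (check with "tshark -D"),
# 100-byte snapshot length, ring buffer of 100 files with 100 MB each.
$iface      = 1
$outFile    = 'C:\Temp\FILE.pcapng'
$tsharkArgs = "-i $iface -s 100 -b filesize:100000 -b files:100 -w `"$outFile`""

if (-not (Test-Path -LiteralPath $tshark)) {
    throw "tshark not found at $tshark; adjust the path."
}

# Make sure the output directory exists before the first boot-time run.
$outDir = Split-Path -Parent $outFile
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$action  = New-ScheduledTaskAction -Execute $tshark -Argument $tsharkArgs
$trigger = New-ScheduledTaskTrigger -AtStartup

# Run as SYSTEM so the capture starts at boot, before any user logs on.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# By default a scheduled task is stopped after 72 hours; a zero limit
# lets the permanent capture keep running. The battery switches keep
# the task alive on laptops.
$settings = New-ScheduledTaskSettingsSet `
    -ExecutionTimeLimit ([TimeSpan]::Zero) `
    -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Confirm the task is registered.
Get-ScheduledTask -TaskName $taskName | Select-Object TaskName, State
```

With the ring buffer options, tshark appends a sequence number and timestamp to the base file name, so the files in C:\Temp will not be named exactly FILE.pcapng. Because the capture files contain network traffic, limit read access on the output directory to administrators.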