0

How do I start a capture in Wireshark via the command line?

asked 2021-03-15 09:07:30 +0000

madmin

updated 2021-03-15 18:31:45 +0000

Guy Harris

Hi everyone! I'm launching Wireshark using the command line: [wireshark_Path] > wireshark -i int_Number, but the capture is not started until I double-click on the interface! Not a good idea if I'm using it through a script! Is there any solution to start the capture without the intervention of the user?


Comments

Wireshark version?

grahamb ( 2021-03-15 10:10:12 +0000 )

2 Answers

0

answered 2021-03-15 09:15:03 +0000

Jasper

You should use dumpcap instead of Wireshark, because that's what Wireshark uses to capture packets anyway. You can find some pointers on how to use dumpcap in this blog post:

https://blog.packet-foo.com/2013/05/t...

2

answered 2021-03-15 10:17:06 +0000

grahamb

updated 2021-03-15 18:35:36 +0000

For Wireshark only, you'll need to supply the -k flag:

From the man page:

-k

Start the capture session immediately. If the -i flag was specified, the capture uses the specified interface. Otherwise, Wireshark searches the list of interfaces, choosing the first non-loopback interface if there are any non-loopback interfaces, and choosing the first loopback interface if there are no non-loopback interfaces; if there are no interfaces, Wireshark reports an error and doesn't start the capture.

The answer from @Jasper is good advice in general though.

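A scripted, unattended capture along the lines the two answers suggest, as an added example that is not part of the original thread: it resolves the interface index or name against `dumpcap -D` output and then runs dumpcap with an autostop duration, so nothing waits for a click. The function names, the DRY_RUN switch, the sample interface list and the output path are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: unattended capture wrapper. Not from the original thread.

# Constructed sample of `dumpcap -D` output, used for dry runs and tests.
SAMPLE_IFACES='1. eth0
2. any (Pseudo-device that captures on all interfaces)
3. lo (Loopback)'

# List capture interfaces; override this function to test without dumpcap.
list_ifaces() { dumpcap -D; }

# Read "N. name [(description)]" lines on stdin and print the name whose
# index or name equals $1. Returns non-zero when nothing matches, so a
# script fails early instead of capturing on the wrong interface.
resolve_iface() {
    WANT="$1" awk '
        BEGIN { want = ENVIRON["WANT"] }
        { idx = $1; sub(/\.$/, "", idx) }
        idx == want || $2 == want { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# Capture on interface $1 (index or name) into file $2 for $3 seconds.
# With DRY_RUN=1 the command line is printed instead of executed.
run_capture() {
    iface=$(list_ifaces | resolve_iface "$1") || {
        echo "no such capture interface: $1" >&2
        return 1
    }
    # -a duration:N stops the capture by itself; -w names the output file.
    set -- dumpcap -i "$iface" -a "duration:$3" -w "$2"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Run only when arguments are given, e.g.: sh capture.sh 1 /tmp/out.pcapng 60
if [ "$#" -gt 0 ]; then run_capture "$@"; fi
```

To get the same unattended start in the Wireshark GUI, the equivalent invocation is `wireshark -i <interface> -k`, as the second answer describes.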
