Ask Your Question
0

Starting wireshark from cmd, without having cmd open forever?

asked 2022-09-26 11:28:59 +0000

I want to have wireshark running all the time so I know how much data I've sent to what IP over what Port etc.. Problem is it takes up 2 task bar slots, because I start it from a .bat file in shell:startup. I've found out how to start a programm in general with cmd quitting afterwards.

In theory "cmd /c "C:\Program Files\Wireshark\wireshark" -i 1 -i 2 -i 3 -i 4 -i 5 -k" should do it or not? But with wireshark it doesn't seem to work.

Is it possible to run wireshark from cmd without leaving the cmd window open while wireshark GUI is running? Closing the command line also closes wireshark GUI. So it seems you have to have 2 windows running if you start from cmd.

I know tshark exists, but is it possible to view the data with wireshark GUI?

edit retag flag offensive close merge delete

Comments

Actually I think the bigger issues is that you feel the need to run Wireshark all of the time.

hugo.vanderkooij gravatar imagehugo.vanderkooij ( 2022-09-26 13:01:49 +0000 )edit

Well, I've had a 92 mega Byte upload to some IP on every startup, that I've blocked now. I want to make sure it's not happening again at some point, but I also don't want to wait 2 minutes every startup to see if it's happening. Also starting wireshark after weird things start happening means I don't see the weird things, because they have already happened.

anon1398591551858 gravatar imageanon1398591551858 ( 2022-09-26 13:55:49 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2022-09-29 21:15:48 +0000

André gravatar image

First of all for continuously capturing it is better to launch dumpcap, with ringbuffer option(s), instead of Wireshark. The files created by dumpcap or tshark can be read by Wireshark of course.

The problem is that when you start Wireshark, with capture options, from a Windows command prompt or .cmd batch file the console output of Wireshark remains linked to the console or cmd.exe, outputting "[Capture MESSAGE]" messages. So when you close it, it will trigger Wireshark to stop too.
To detach, close stdin/stdout/stderr by adding < NUL > NUL 2> NUL to the command line.

By the way: for a finer control of launching a GUI process from the Windows command prompt or .cmd batch file use the start command (like minimized window, alternate priority).

But why not create a shortcut in shell:startup with your command line (without 'cmd /c') as 'target' instead?

If you want to start capturing during boot, or capture as much as possible during reboot, then take a look at the netsh trace command.

edit flag offensive delete link more

Comments

thanks a lot :)

anon1398591551858 gravatar imageanon1398591551858 ( 2022-09-30 08:31:30 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2022-09-26 11:28:59 +0000

Seen: 483 times

Last updated: Sep 29 '22