Starting and stopping capturing and saving data through command-line (Windows 10).

asked 2023-02-03 18:15:06 +0000

liexpress gravatar image

I'm trying to troubleshoot a network issue on a Windows computer. What I have done through Wireshark GUI was:

  1. Start Wireshark with a .lua file for customized protocol.

  2. Start capturing with filtering, file writing and ring buffer.

  3. Stop capturing when the error is observed and save data.

Now I want to automatize this process, because the error may happen in several days or even weeks. There will be a script monitoring the occurrence of the error. So my questions are:

  • If I go with Wireshark, can I start/stop capturing and save the remaining data in memory to data file through command line?

  • If I go with dumpcap, except for the question above with Wireshark, does dumpcap support loading a .lua file for filtering?

edit retag flag offensive close merge delete

Comments

Stop capturing when the error is observed ...

How are you determining this error? Are you manually observing some condition via a Display Filter for your protocol, or is there some Capture Filter that could be specified to catch this error of interest? I ask because if you can capture this event using a Capture Filter, then you may find the dumpcap.bat file that I wrote and made available on the Tools wiki page of interest to you. Keep in mind that I wrote the batch file a long time ago and don't really use it, so it may not work anymore with newer versions of Wireshark, but you're free to look at it and modify it if that's something you think would be useful.

On the other hand, if you are using a Display Filter to manually observe the error, then you will probably have to ...(more)

cmaynard gravatar imagecmaynard ( 2023-02-03 21:22:04 +0000 )edit