This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture packets on startup automatically

0

Is there any way to make the Wireshark capture packets automatically and save it in a file on startup of Windows? Kindly help me to fix this.

Thanks

asked 13 Nov '13, 03:17

bala92n
1222
accept rate: 0%

edited 13 Nov '13, 05:42

grahamb ♦
19.8k330206

Is there any way to make the Wireshark capture packets automatically and save it in a file on startup of Windows?

Why do you want to do that?

Are you trying to figure out if something (malware) sends data to the internet, or do you want to create a (kind of) automated network capture device, based on Windows?

(14 Nov '13, 04:39) Kurt Knochner ♦

One Answer:

0

Yes. First, run Wireshark from a command line prompt by entering "wireshark -D" to get a list of interfaces (you can also use "dumpcap -D" if you want). Note the index of the interface you want to capture on.

Next, create a batch file that contains the line

wireshark -i [InterfaceID] -k

and put a shortcut to that link into your startup folder. That should do the trick.

If you want to further customize the process (like setting a capture file name or other options) you can always run "wireshark -h" to get a list of all command line parameters.

answered 13 Nov '13, 03:29

Jasper ♦♦
23.8k551284
accept rate: 18%

edited 13 Nov '13, 03:30

That will only start the capture at some point during user login. To start the capture at Windows start-up an alternative will have to be employed, usually modifying Local Group Policy.

(13 Nov '13, 05:43) grahamb ♦

Correct. It depends on what the definition of "startup of Windows" means :-) My solution requires a user to log in of course.

(13 Nov '13, 08:43) Jasper ♦♦
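
The batch-file approach from the answer, extended so the capture is saved to a file, as an added example that is not part of the original thread. It uses dumpcap rather than the Wireshark GUI; the install path, the interface index 1 and the output folder C:\Captures are assumptions to adjust.

```batch
@echo off
rem Added example, not from the original thread.
rem Assumptions: default install path, interface index 1 (take yours from
rem "dumpcap -D"), and a hypothetical output folder C:\Captures.
setlocal
set "DUMPCAP=%ProgramFiles%\Wireshark\dumpcap.exe"
set "IFACE=1"
set "OUTDIR=C:\Captures"

rem Stop early if dumpcap is not where we expect it.
if not exist "%DUMPCAP%" (
    echo dumpcap.exe not found at "%DUMPCAP%" 1>&2
    exit /b 1
)
if not exist "%OUTDIR%" mkdir "%OUTDIR%"

rem Capture files hold everything seen on the wire, so drop inherited
rem permissions and allow only the current user, Administrators
rem (S-1-5-32-544) and SYSTEM (S-1-5-18) to read the folder.
icacls "%OUTDIR%" /inheritance:r /grant:r "%USERNAME%:(OI)(CI)F" "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F" >nul

rem Ring buffer: at most 10 files of about 100 MB each (filesize is in kB).
rem dumpcap appends a sequence number and timestamp to the file name and
rem deletes the oldest file, so an unattended capture cannot fill the disk.
start "capture" /min "%DUMPCAP%" -i %IFACE% -w "%OUTDIR%\startup.pcapng" -b filesize:102400 -b files:10
endlocal
```

Placed in the startup folder as the answer describes, this still starts only when a user logs in, as the comments above point out.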