Revision history

initial version

Help with using dumpcap to monitor 24/7 but retain only 20 minutes

Hello Forum,

I found this post on your archive forum - https://osqa-ask.wireshark.org/questions/21323/monitor-247-but-retain-only-15-minutes/

The following command will create a new capture file every 20 minutes (1200 Seconds). It will rotate the capture files, keeping only the latest five.

dumpcap -ni 1 -w c:\temp\phone_problem.pcap -b duration:1200 -b files:5

I'm using Wireshark version 4.0.1 on Windows and I have a similar need. I'm filtering on my MAC address:

eth.addr==xx:xx:xx:xx:xx:xx

Where do I add into this Wireshark the dumpcap command to create a packet every 20 minutes? My hardware is having an issue whereby it goes offline. I don't want to create a massive packet capture file. I'm hoping to create a smaller log that captures when the device went offline.

Thank you.

Help with using dumpcap to monitor 24/7 but retain only 20 minutes

Hello Forum,

I found this post on your archive forum - https://osqa-ask.wireshark.org/questions/21323/monitor-247-but-retain-only-15-minutes/

The following command will create a new capture file every 20 minutes (1200 Seconds). It will rotate the capture files, keeping only the latest five.

dumpcap -ni 1 -w c:\temp\phone_problem.pcap -b duration:1200 -b files:5

I'm using Wireshark version 4.0.1 on Windows and I have a similar need. I'm filtering on my MAC address:

eth.addr==xx:xx:xx:xx:xx:xx

I see that dumpcap is a separate executable. Where do I add into this Wireshark the dumpcap command to create a packet every 20 minutes and still filter by my MAC address? My hardware is having an issue whereby it goes offline. I don't want to create a massive packet capture file. I'm hoping to create a smaller log that captures when the device went offline.

Thank you.
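
Added example, not part of the original post or of the Wireshark project: a PowerShell wrapper that runs the quoted ring-buffer command with a MAC filter. dumpcap accepts only capture filters (libpcap syntax, passed with -f), so the display filter eth.addr==... is expressed as "ether host ...". The script's parameter names and the install path are assumptions; the interface index, output path and ring-buffer values are the ones from the quoted command.

```powershell
# Added example. Assumed: default 64-bit install path for dumpcap.exe.
# Interface index, output path and -b values come from the quoted command.
param(
    [Parameter(Mandatory)][string]$Mac,      # MAC of the device under investigation
    [string]$Interface      = '1',           # index as listed by "dumpcap -D"
    [string]$OutFile        = 'c:\temp\phone_problem.pcap',
    [int]$SecondsPerFile    = 1200,          # start a new file every 20 minutes
    [int]$FilesToKeep       = 5,             # ring buffer size
    [string]$Dumpcap        = 'C:\Program Files\Wireshark\dumpcap.exe'
)

# Accept aa-bb-cc-dd-ee-ff or aa:bb:cc:dd:ee:ff and reject anything else,
# so a typo fails here instead of as a filter compile error in dumpcap.
$normalized = ($Mac -replace '-', ':').ToLower()
if ($normalized -notmatch '^([0-9a-f]{2}:){5}[0-9a-f]{2}$') {
    throw "Not a MAC address: $Mac"
}

if (-not (Test-Path -LiteralPath $Dumpcap)) {
    throw "dumpcap.exe not found at $Dumpcap"
}

# dumpcap does not create the output directory.
$dir = Split-Path -Parent $OutFile
if (-not (Test-Path -LiteralPath $dir)) {
    New-Item -ItemType Directory -Path $dir | Out-Null
}

# Capture-filter equivalent of the display filter eth.addr==<mac>:
# matches frames with this address as source or destination.
$captureFilter = "ether host $normalized"

# The ring buffer holds $FilesToKeep files of $SecondsPerFile each, so the
# traffic retained on disk is up to their product, not one file's duration.
$retained = [math]::Round($SecondsPerFile * $FilesToKeep / 60)
Write-Host "Filter: $captureFilter"
Write-Host "Ring buffer retains up to about $retained minutes of traffic."

# In ring-buffer mode dumpcap appends a sequence number and timestamp to
# the file name. Runs until interrupted with Ctrl+C.
& $Dumpcap -n -i $Interface -f $captureFilter -w $OutFile `
    -b "duration:$SecondsPerFile" -b "files:$FilesToKeep"
```

With the values from the quoted command the buffer holds five 20-minute files, so up to about 100 minutes stay on disk; lowering -SecondsPerFile or -FilesToKeep shortens that window.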