Revision history [back]
POC - This WILL NOT WORK as written - tweak for your system.
Man page for dumpcap here
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp>type startcap.bat
dumpcap.exe -i 4 -b filesize:1000 -b files:5 -w C:\Users\admin\Documents\Wireshark\startup_capture\capfile
Requirements:
dumpcap.exe
in your path or specify full path to it in the batch file.- Use
dumpcap -D
ortshark -D
to determine which interface index to use with-i
option. - Review
-b|--ring-buffer <capture ring buffer option>
on dumpcap man page to configure for amount of capture needed on your system. - Pick an appropriate place to save the capture files (
-w
option)