Hello everyone, I need help with starting Wireshark by a command line.
wireshark -i "Ethernet 6" -a filesize:100000 files:C:\TEMP\User
when Wireshark started, I got an error file "User" does not exists.
TIA
Closed for the following reason "the question is answered, right answer was accepted" by Billy Le 2019-09-12 00:40:56 +0000
It helps if you include the information from "Help->About Wireshark" or "wireshark -v". (I'm assuming Windows due to the interface name and reverse backslash in the file path.)
Looks like you need to check the options list.
-a <autostop cond.> ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Were you looking to specify a location to save the capture files in?
Hi Billy,
As you can see with bubbasnmp's answer, the files: option requires a number, not a path. A valid command might look like this:
tshark -a filesize:100000 -a files:5 -b duration:5s -w 'C:\TEMP\User'
This will stop the capture after 100MB across a max of 5 files with a ring buffer (-b) that changes every 5 seconds.
This is the listing I get for the above command:
PS C:\> ls C:\TEMP
Directory: C:\TEMP
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 9/11/2019 2:20 PM 348 User_00001_20190911142016
-a---- 9/11/2019 2:20 PM 348 User_00002_20190911142021
-a---- 9/11/2019 2:20 PM 21188 User_00003_20190911142028
-a---- 9/11/2019 2:20 PM 920 User_00004_20190911142034
-a---- 9/11/2019 2:20 PM 7936 User_00005_20190911142039
Thank you Ross Jacobs and bubbasnmp for your answer
below is an example of what I use to launch WireShark wireshark -i "Ethernet 6" -a filesize:100000 -b files:10 -w C:\temp\user -N mnt -k
Comments