How to start Wireshark by itself and capture logs every time Windows 10 starts up

How to make Wireshark run automatically during Windows 10 startup? I need to capture logs in stations and there might be a chance of power failure, so it would be helpful if I get a solution for this.

Windows 10 Enterprise

hijashmk
asked 2020-11-16 08:00:07 +0000

1 Answer

POC - This WILL NOT WORK as written - tweak for your system.

Man page for dumpcap here

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp>type startcap.bat

dumpcap.exe -i 4 -b filesize:1000 -b files:5 -w C:\Users\admin\Documents\Wireshark\startup_capture\capfile


Requirements:

  1. dumpcap.exe in your path or specify full path to it in the batch file.
  2. Use dumpcap -D or tshark -D to determine which interface index to use with -i option.
  3. Review -b|--ring-buffer <capture ring buffer option> on dumpcap man page to configure for amount of capture needed on your system.
  4. Pick an appropriate place to save the capture files (-w option)
Chuckc
answered 2020-11-16 16:45:42 +0000
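
An added example (not part of Chuckc's answer and not Wireshark project code) that works through the four requirements above in PowerShell and can be called from the startcap.bat in the answer. The interface name text, output folder, retention count and fallback install path are assumptions to adapt; the ring-buffer values are the ones from the answer.

```powershell
# Added example, not from the original answer. Lines marked "assumption" must be adapted.
$InterfaceMatch = 'Ethernet'                      # assumption: text shown for the NIC by "dumpcap -D"
$CaptureDir     = 'C:\Captures\startup_capture'   # assumption: output folder
$KeepOldFiles   = 20                              # assumption: files from earlier boots to retain

# Requirement 1: find dumpcap.exe on PATH, else fall back to the usual install folder (assumption).
$cmd = Get-Command dumpcap.exe -ErrorAction SilentlyContinue
$Dumpcap = if ($cmd) { $cmd.Path } else { Join-Path $env:ProgramFiles 'Wireshark\dumpcap.exe' }
if (-not (Test-Path -LiteralPath $Dumpcap)) { throw "dumpcap.exe not found: $Dumpcap" }

# Requirement 2: resolve the interface index at run time instead of hard-coding "-i 4".
# "dumpcap -D" prints one numbered line per interface, e.g. "4. \Device\NPF_{...} (Ethernet)".
$line = & $Dumpcap -D |
    Where-Object { $_ -match '^\d+\.' -and $_ -like "*$InterfaceMatch*" } |
    Select-Object -First 1
if (-not $line) { throw "No capture interface matches '$InterfaceMatch'" }
$Index = ($line -split '\.', 2)[0]

# Requirement 4: make sure the output folder exists before dumpcap tries to write to it.
New-Item -ItemType Directory -Path $CaptureDir -Force | Out-Null

# The ring buffer only rotates files created by the current run, so files left by
# earlier boots (for example before a power failure) are pruned here, oldest first.
Get-ChildItem -LiteralPath $CaptureDir -Filter 'capfile_*' -File |
    Sort-Object LastWriteTime -Descending |
    Select-Object -Skip $KeepOldFiles |
    Remove-Item -Force

# Requirement 3: ring buffer of 5 files, 1000 kB each (values from the answer).
$captureArgs = @(
    '-i', $Index,
    '-b', 'filesize:1000',
    '-b', 'files:5',
    '-w', (Join-Path $CaptureDir 'capfile')
)
& $Dumpcap @captureArgs   # blocks for as long as the capture runs
```

Capture files contain everything seen on the interface, so the output folder should be readable only by the accounts that need it.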

Comments

netsh can also be configured to capture at OS startup, e.g. see here. Captures made with netsh will have to be converted using the etl2pcapng utility.

grahamb (2020-11-16 17:13:53 +0000)
