0

Auto Wireshark Profile Capture

Hi, everyone!

Let's say I have a default profile and I want to create a new profile to capture only #DNS_TRAFFIC!

Question: without MANUALLY retyping the DNS filter expression or clicking on a button, is it possible to automatically capture the traffic from all profiles once the capture process is starting on the interface?

Best Regards

madmin
asked 2021-03-07 11:52:59 +0000

Comments

You want to be able to automatically capture the traffic from all profiles? What does that mean?

You can run Wireshark from the command-line (in a script or shortcut if it's easier) and specify any options you want, including the interface to capture on (-i <interface>), the profile to use (-C <configuration profile>), the capture filter to apply (-f <capture filter>), dissector options (-o <preference/recent setting>) and more. I'm not sure if that's what you're looking for? Refer to the Wireshark man page for more details on the command-line options.

cmaynard (2021-03-07 16:22:24 +0000)

Do you really want Wireshark to capture only DNS? A capture is different from a display filter.

  • The capture filter will only allow DNS packets into the buffer. Basically, all packets that don't match your capture filter are discarded and there is no way to go back and retrieve them.
  • The display filter will display only DNS packets in your packet capture.

The answer for the capture filter is to create a Wireshark shortcut with the startup options you need.

BigFatCat (2021-03-11 21:49:04 +0000)

1 Answer

0

The profile does not determine your capture filter.

hugo.vanderkooij
answered 2021-03-08 08:47:23 +0000

Comments

I feel like it's clearer now. My question was whether it is possible to save the filter in a profile, so that if I switch between profiles I will find the traffic filtered rather than manually retyping the BIG filter expression! I can now use buttons, for example, to save time. Right??

madmin (2021-03-08 09:20:01 +0000)

You can save your display filter expressions as buttons if that is what you mean. Just type in the filter and press the + next to the filter field. You can also create a menu to group different display filters by using the label format:

  • Group1//Filter1
  • Group1//Filter2
  • Group1//Filter3
  • Group2//Filter1
  • Group2//Filter2
  • Group2//Filter3

This will create two menus, each with 3 filters. The filters will only be available in the current profile.

JasMan (2021-03-10 20:33:48 +0000)
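
The command-line approach from the comments on the question, as an added example that is not code from any poster in this thread: a POSIX shell wrapper that pairs each configuration profile with a capture filter, because the profile does not determine one. The profile names `DNS` and `Web`, their filters, and the `DRY_RUN` variable are assumptions for illustration; `-k` (start capturing immediately) is a Wireshark option not mentioned in the thread.

```shell
#!/bin/sh
# Added example: launch Wireshark with a profile AND its matching capture filter.
# Profile names and filters below are assumptions; adjust them to your own profiles.

# Map a configuration profile name to the capture (BPF) filter to start with.
# Prints the filter on stdout; returns 1 for a profile with no mapping.
capture_filter_for() {
    case "$1" in
        DNS)     printf '%s' 'port 53' ;;                     # DNS over UDP and TCP
        Web)     printf '%s' 'tcp port 80 or tcp port 443' ;;
        Default) printf '%s' '' ;;                            # no filter: keep every packet
        *)       return 1 ;;
    esac
}

# Build the Wireshark argument list and start the capture.
# With DRY_RUN=1 the arguments are printed one per line instead of executed.
start_capture() {
    iface=$1
    profile=$2
    filter=$(capture_filter_for "$profile") || {
        echo "no capture filter defined for profile: $profile" >&2
        return 1
    }
    # -i interface, -k start capturing at once, -C configuration profile
    set -- -i "$iface" -k -C "$profile"
    if [ -n "$filter" ]; then
        # -f capture filter: packets that do not match are discarded for good
        set -- "$@" -f "$filter"
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        exec wireshark "$@"
    fi
}

# Usage: ./capture.sh <interface> <profile>
if [ "$#" -ge 2 ]; then
    start_capture "$1" "$2"
fi
```

Display filter buttons saved in the selected profile remain available in the session this starts, so the capture filter only narrows what is recorded.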
