
Starting wireshark from cmd, without having cmd open forever?


I want to have wireshark running all the time so I know how much data I've sent to what IP over what Port etc. Problem is it takes up 2 task bar slots, because I start it from a .bat file in shell:startup. I've found out how to start a program in general with cmd quitting afterwards.

In theory "cmd /c "C:\Program Files\Wireshark\wireshark" -i 1 -i 2 -i 3 -i 4 -i 5 -k" should do it or not? But with wireshark it doesn't seem to work.

Is it possible to run wireshark from cmd without leaving the cmd window open while wireshark GUI is running? Closing the command line also closes wireshark GUI. So it seems you have to have 2 windows running if you start from cmd.

I know tshark exists, but is it possible to view the data with wireshark GUI?

anon1398591551858
asked 2022-09-26 11:28:59 +0000

Comments

Actually I think the bigger issue is that you feel the need to run Wireshark all of the time.

hugo.vanderkooij (2022-09-26 13:01:49 +0000)

Well, I've had a 92 megabyte upload to some IP on every startup, that I've blocked now. I want to make sure it's not happening again at some point, but I also don't want to wait 2 minutes every startup to see if it's happening. Also starting wireshark after weird things start happening means I don't see the weird things, because they have already happened.

anon1398591551858 (2022-09-26 13:55:49 +0000)

1 Answer


First of all, for continuous capturing it is better to launch dumpcap, with ring buffer option(s), instead of Wireshark. The files created by dumpcap or tshark can be read by Wireshark of course.

The problem is that when you start Wireshark, with capture options, from a Windows command prompt or .cmd batch file the console output of Wireshark remains linked to the console or cmd.exe, outputting "[Capture MESSAGE]" messages. So when you close it, it will trigger Wireshark to stop too.
To detach, close stdin/stdout/stderr by adding < NUL > NUL 2> NUL to the command line.

By the way: for a finer control of launching a GUI process from the Windows command prompt or .cmd batch file use the start command (like minimized window, alternate priority).

But why not create a shortcut in shell:startup with your command line (without 'cmd /c') as 'target' instead?

If you want to start capturing during boot, or capture as much as possible during reboot, then take a look at the netsh trace command.

André
answered 2022-09-29 21:15:48 +0000
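
The dumpcap ring-buffer launch suggested in the answer, written out as a startup batch file. This is an added example, not part of the original answer; the capture directory, interface number and ring sizes are assumptions, and the interface number should be taken from `dumpcap -D` on the machine in question.

```batch
@echo off
rem Added example: continuous ring-buffer capture with dumpcap, started from a
rem batch file that exits immediately afterwards.
rem Assumptions (not from the original post): capture directory C:\captures,
rem interface number 1, a ring of 10 files of about 100 MB each.

setlocal
set "DUMPCAP=C:\Program Files\Wireshark\dumpcap.exe"
set "CAPDIR=C:\captures"
set "IFACE=1"

rem Fail early if dumpcap is not where we expect it.
if not exist "%DUMPCAP%" (
    echo dumpcap not found at "%DUMPCAP%" 1>&2
    exit /b 1
)

rem dumpcap does not create the output directory itself.
if not exist "%CAPDIR%" mkdir "%CAPDIR%"

rem -b filesize is given in kB; -b files caps the ring, so disk use stays
rem bounded and the oldest file is overwritten once the ring is full.
rem dumpcap appends a sequence number and timestamp to the -w file name.
rem start "" /min runs dumpcap in its own minimized window, and the NUL
rem redirections are the ones the answer gives for closing stdin/stdout/stderr.
start "" /min "%DUMPCAP%" -i %IFACE% -b filesize:102400 -b files:10 -w "%CAPDIR%\ring.pcapng" < NUL > NUL 2> NUL

endlocal
```

The resulting .pcapng files can be opened in the Wireshark GUI afterwards, so a large upload at startup is still on disk when you go looking for it.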

Comments

thanks a lot :)

anon1398591551858 (2022-09-30 08:31:30 +0000)
