Wireshark - How to do a command line packet capture

Run the following command from the DOS prompt when in the Wireshark folder instead of running the usual PCAP:

tshark -F libpcap -i 1 -f "port 5060" -b filesize:10240 -w 3cx.pcap

To stop the capture you will now need to press Ctrl + C

By doing the above, this will make Wireshark cut your capture into file chunks of 1MB. When the problem occurs, identify the time it happened, identify the pcap of that particular time and send it to us.

Posted by: - Mon, Oct 29, 2012. This article has been viewed 3945 times.
Online URL: http://kb.naturalnetworks.com/article/wireshark-how-to-do-a-command-line-packet-capture-92.html

Powered by PHPKB (Knowledge Base Software)