Wireshark - How to do a command line packet capture
Estimated Reading Time: < 1 MinuteRun the following command from the DOS prompt when in the Wireshark folder instead of running the usual PCAP:
tshark -F libpcap -i 1 -f "port 5060" -b filesize:10240 -w 3cx.pcap
To stop the capture you will now need to press Ctrl + C
By doing the above, this will make Wireshark cut your capture into file
chunks of 1MB. When the problem occurs, identify the time it happened,
identify the pcap of that particular time and send it to us.