Wireshark - How to do a command line packet capture

Instead of running the usual PCAP, run the following command from the DOS prompt while in the Wireshark folder:

tshark -F libpcap -i 1 -f "port 5060" -b filesize:10240 -w 3cx.pcap

To stop the capture, press Ctrl + C.

This makes Wireshark cut your capture into file chunks of 1MB. When the problem occurs, note the time it happened, identify the pcap covering that particular time and send it to us.
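
To identify the pcap for the time of the problem, a small Python helper can pick the chunk by the start time that tshark embeds in each file name when -b is used. This is an added example, not part of the original article; the sample file names and the 60-second margin are assumptions.

```python
import re
from bisect import bisect_right
from datetime import datetime, timedelta

# With -b, tshark names each chunk <base>_<sequence>_<YYYYMMDDHHMMSS>.<ext>;
# the timestamp is the local time at which that chunk was opened.
CHUNK_RE = re.compile(r"^(?P<base>.+)_(?P<seq>\d+)_(?P<ts>\d{14})\.pcap$")

def parse_chunks(names, base="3cx"):
    """Return [(start_time, sequence, name)] for this capture, oldest first."""
    chunks = []
    for name in names:
        m = CHUNK_RE.match(name)
        if m and m.group("base") == base:
            start = datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S")
            chunks.append((start, int(m.group("seq")), name))
    return sorted(chunks)

def chunks_for_incident(names, incident, base="3cx", margin=timedelta(seconds=60)):
    """Names of the chunk(s) to send for a problem seen at `incident` (local time).

    The chunk being written at that moment is always returned. If it had been
    open for less than `margin` (an assumed value), the previous chunk is
    returned too, since the start of the call may be in it.
    """
    chunks = parse_chunks(names, base)
    i = bisect_right([c[0] for c in chunks], incident)
    if i == 0:
        return []  # incident predates the first chunk
    first = i - 2 if i >= 2 and incident - chunks[i - 1][0] < margin else i - 1
    return [c[2] for c in chunks[first:i]]

# Constructed directory listing (in practice: os.listdir() of the capture folder).
SAMPLE = [
    "3cx_00001_20121029090000.pcap",
    "3cx_00002_20121029101512.pcap",
    "3cx_00003_20121029113047.pcap",
    "other_00001_20121029100000.pcap",  # different capture, ignored
    "notes.txt",                        # not a chunk, ignored
]

if __name__ == "__main__":
    print(chunks_for_incident(SAMPLE, datetime(2012, 10, 29, 10, 42, 0)))
```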

Posted by: Natural Networks NOC - October 29, 2012.
Online URL: https://kb.naturalnetworks.com/article.php?id=92
