How to Schedule a Packet Capture

book

Article ID: 48875

calendar_today

Updated On:

Products

APPLICATION DELIVERY ANALYSIS SUPERAGENT EHEALTH CA Infrastructure Performance CA NetVoyant (NetQoS / NV) CA eHealth

Issue/Introduction

Packet captures can be scheduled using Wireshark's command line tool - tshark. To schedule a capture,
add a line such as the following to a batch file and call the file using a Windows scheduled task.

c:\"Program Files"\Wireshark\tshark -a duration:60 -B 2 -i 4 -n -q -w c:\network.out host 192.168.1.1

-a = duration in seconds
-B = buffer size - default is 1Mb
-i = interface number - use "tshark.exe -D" to list interface numbers and find the right interface to capture on
-n = don't resolve IP addresses
-q = quiet output
-w = output file
host = host capture filter

Environment

Release: RAIB1H99000-9.1-Network Flow Analysis-Interface Bundle-Hardware
Component: