Re: [Wireshark-users] automate capture feature

From: Martin Visser <martinvisser99_at_nospam>
Date: Sat Apr 17 2010 - 03:44:48 GMT
To: Community support list for Wireshark <wireshark-users@wireshark.org>

While you can do what Tal says, you can do this easily in Wireshark. Before
you capture, Capture->Options menu. Under the Capture File(s) section,
enter a File name, example mycapture.pcap and then select the Multiple Files
checkbox and only select Next File every 1 minute. You can option specify
when you want to stop.

Wireshark then will create a new file every minute called something like
mycapture_00001_20100417131441.pcap (where the first set of digits is a
serial number and the second is contracted form of the date.

Simple!

Regards, Martin

MartinVisser99@gmail.com

On Sat, Apr 17, 2010 at 4:14 AM, Tal Bar-Or <tbaror@gmail.com> wrote: says

> Hi,
>
> i would use first Tshark and then use file rotation( file ring buffer) lets
> say 2 files for 1 min and always query the last file not active.
> Next i would phrase (regexp) data needed and write it to xml and send it to
> central location display it via web console using Flex technology.
> Regsrds
>
>
> On Fri, Apr 16, 2010 at 5:38 PM, sachindeo v chavan <
> sachin_chavan@yahoo.com> wrote:
>
>> Hi all,
>>
>> I have a query on wireshark. I have version 1.2.7.
>> How can I repetitively capture network and save the capture at regular
>> interval say every 1 min while the capture is going on?
>>
>> In other words, save the captured info on the fly? that is, save every 1
>> min while the capture is going on.
>>
>> regards
>> sachin
>>
>>
>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@wireshark.org
>> ?subject=unsubscribe
>>
>
>
>
> --
> Tal Bar-or
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@wireshark.org
> ?subject=unsubscribe
>

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe

This message: [ Message body ]
Next message: Miszcsi Miszcsi: "[Wireshark-users] help me please"
Previous message: Guy Harris: "Re: [Wireshark-users] Filter change"
In reply to: Tal Bar-Or: "Re: [Wireshark-users] automate capture feature"
Next in thread: Phil Paradis: "Re: [Wireshark-users] automate capture feature"
Reply: Phil Paradis: "Re: [Wireshark-users] automate capture feature"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]