Wireshark offers command-line options that allow users to capture traffic from a batch file. This also means the built-in Windows scheduled task feature can be used to schedule a capture.

Example batch file:

"C:\Program Files\Wireshark\tshark.exe" -a duration:14400 -a filesize:20480 -a files:512 -w "C:\Program Files\Wireshark\captures\Packet_Capture.pcap"

-w: Specifies the output file.
In this example it creates the following file, incrementing the file name if multiple files are created:
C:\Program Files\Wireshark\captures\Packet_Capture.pcap

-a: Capture autostop conditions in the example above:
duration: Stop after 14400 seconds (4 hours)
filesize: Create a new file after it reaches 20480KB (20MB)
files: Stop creating new files after it reaches 512 (512 x 20MB = 10GB total)

For a full list of command line options use “wireshark -h” in a command prompt or take a look at the Wireshark command line help page.
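
One way to register the capture above as a Windows scheduled task, shown as an added PowerShell example that is not part of the original post. The task name, the 01:00 daily start time, the SYSTEM account and the free-space check are assumptions; run it from an elevated prompt.

```powershell
# Added example: schedule the tshark capture from the batch file as a daily task.
# Paths and autostop values are the ones used in the batch file above.
$tshark     = 'C:\Program Files\Wireshark\tshark.exe'
$captureDir = 'C:\Program Files\Wireshark\captures'
$outFile    = Join-Path $captureDir 'Packet_Capture.pcap'

$durationSec = 14400   # -a duration: stop after 4 hours
$fileSizeKB  = 20480   # -a filesize: start a new file at this size
$maxFiles    = 512     # -a files: stop after this many files

if (-not (Test-Path -LiteralPath $tshark)) {
    throw "tshark.exe not found at $tshark"
}

# Make sure the capture directory exists before the task first runs.
if (-not (Test-Path -LiteralPath $captureDir)) {
    New-Item -ItemType Directory -Path $captureDir | Out-Null
}

# Worst case on disk is filesize x files; refuse to schedule if one run
# could fill the drive.
$budgetBytes = [int64]$fileSizeKB * 1KB * $maxFiles
$freeBytes   = (Get-PSDrive -Name C).Free
if ($freeBytes -lt $budgetBytes) {
    throw ("Need {0:N1} GB free for a full capture, only {1:N1} GB available" -f
           ($budgetBytes / 1GB), ($freeBytes / 1GB))
}

$arguments = "-a duration:$durationSec -a filesize:$fileSizeKB " +
             "-a files:$maxFiles -w `"$outFile`""

$action  = New-ScheduledTaskAction -Execute "`"$tshark`"" -Argument $arguments
$trigger = New-ScheduledTaskTrigger -Daily -At '01:00'   # assumed start time

# Backstop: end the task if tshark is still running 10 minutes past its
# own duration autostop.
$limit    = New-TimeSpan -Seconds ($durationSec + 600)
$settings = New-ScheduledTaskSettingsSet -ExecutionTimeLimit $limit

# Assumed account: SYSTEM, which can write under Program Files.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName 'Scheduled Packet Capture' `
    -Action $action -Trigger $trigger -Settings $settings -Principal $principal
```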
