IT Solutions Technology Blog

Wireshark – sometimes it is necessary to only dump the network traffic before an event happend for this cases you can use the command line option for a ringbuffer

On Windows use tshark from the command line

„C:\Program Files\Wireshark\tshark.exe“ -b filesize:256 -b files:5 -i ethernet0 -w %temp%\trace.pcap

This writes max 5 files and each file with a maximum size of 256kb

This entry was posted on Donnerstag, Mai 9th, 2024 at 18:59 and is filed under Administration, Network Info. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.