Hi,

sometimes it is necessary to only dump the network traffic before an event happend. For this cases wirkshark has the command line option for a ringbuffer.

On Windows use tshark from the command line:

"C:\Program Files\Wireshark\tshark.exe" -b filesize:256 -b files:5 -i ethernet0 -w %temp%\trace.pcap

This writes max 5 files, each with a maximum size of 256kb.

Michael