Wireshark/tcpdump: Write trace to a ringbuffer file


Sometimes you only need the network traffic captured just before an event happened. For these cases Wireshark has a command-line option for a ring buffer.

On Windows use tshark from the command line:

"C:\Program Files\Wireshark\tshark.exe" -b filesize:256 -b files:5 -i ethernet0 -w %temp%\trace.pcap

This writes a maximum of 5 files, each with a maximum size of 256 kB.
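
The following PowerShell script is an added example, not part of the original post: it runs the same tshark ring buffer until a trigger event shows up in the Windows event log, then stops the capture and copies the ring files so they are not overwritten. The trigger log and event ID, the folder names and the poll interval are assumptions to adapt.

```powershell
# Added example: keep the tshark ring buffer running until a trigger event,
# then stop capturing and preserve the files that hold the traffic before it.
$tshark     = 'C:\Program Files\Wireshark\tshark.exe'
$iface      = 'ethernet0'                            # interface name used in the post
$ringDir    = Join-Path $env:TEMP 'ringtrace'        # assumed working folder
$keepDir    = Join-Path $env:TEMP 'ringtrace-kept'   # assumed folder for preserved files
$triggerLog = 'System'                               # assumed event log to watch
$triggerId  = 1234                                   # constructed placeholder event ID
$pollSecs   = 5                                      # assumed poll interval

New-Item -ItemType Directory -Force -Path $ringDir, $keepDir | Out-Null
$started = Get-Date

# Same ring buffer options as above: at most 5 files of 256 kB each.
$tsharkArgs = @('-b', 'filesize:256', '-b', 'files:5', '-i', $iface,
                '-w', "`"$ringDir\trace.pcap`"")
$proc = Start-Process -FilePath $tshark -ArgumentList $tsharkArgs -PassThru -WindowStyle Hidden

try {
    while (-not $proc.HasExited) {
        # Only events logged after the capture started count as the trigger.
        $hit = Get-WinEvent -FilterHashtable @{
            LogName = $triggerLog; Id = $triggerId; StartTime = $started
        } -MaxEvents 1 -ErrorAction SilentlyContinue
        if ($hit) { break }
        Start-Sleep -Seconds $pollSecs
    }
    if (-not $hit) { Write-Warning 'tshark exited before the trigger event was seen.' }
}
finally {
    # tshark captures through a dumpcap child process; stop both before copying.
    $children = Get-CimInstance Win32_Process -Filter "ParentProcessId = $($proc.Id)"
    if (-not $proc.HasExited) { Stop-Process -Id $proc.Id -Force }
    $children | ForEach-Object { Stop-Process -Id $_.ProcessId -Force -ErrorAction SilentlyContinue }
    $proc.WaitForExit()
}

# With -b, tshark appends a sequence number and timestamp to each file name.
Get-ChildItem -Path $ringDir -Filter 'trace_*.pcap' |
    Sort-Object LastWriteTime |
    Copy-Item -Destination $keepDir

# Record hashes of the preserved files for later integrity checks.
Get-ChildItem -Path $keepDir -Filter 'trace_*.pcap' | Get-FileHash -Algorithm SHA256
```

Because the capture is stopped forcibly, the last packet in the newest file may be truncated. The poll interval also limits how much history survives: with only 5 x 256 kB on a busy link, a larger file size or file count may be needed so the relevant traffic is not overwritten before the script reacts.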

