WireShark long-term traffic capture
· One min read
- WireShark is slow when capture large amount of traffic
- WireShark include
dumpcapcommand to capture traffic in CLI, that is faster
List interfaces
dumpcap -D
Capture
| Option | Description |
|---|---|
-i <interface> | capture <interface> |
-b filesize:<size KB> | switch to next file after <size KB> |
-b duration:<second> | switch to next file after <second> seconds |
-b files:<total> | replace the oldest file after <total> files |
-f <filter> | filter packet |
-w <file> | save to <file> |
dumpcap -i 1 -b filesize:1000000 -b files:2 -w capture.pcap