Is there any way to save Wireshark capture options? So it can be reuse after restart Wireshark. Also, if the saved file is in plain text, it's possible to use scripts generating bunch of capture settings, such with different filter setting. Does anyone know? Thanks.
Asked
Active
Viewed 2,213 times
2 Answers
2
The configuration profiles feature will save some settings, but the capture options aren't covered by this feature.
I think that tshark would probably be a better fit for what you're looking for. You can load the captures generated by tshark into Wireshark for analysis, but tshark lends itself very well, being command-line based, to automated operation.
Evan Anderson
- 141,881
- 20
- 196
- 331
2
Using Wireshark 1.2 I would just recommend making .BAT file scripts that do your job for you. It's a good way of saving your settings:
:: Script to save a wireshark trace
:: tshark -D to get interface id
@echo off
C:
cd C:\Temp\NetTracing
set PATH=%PATH%;C:\Program Files\Wireshark
echo Tracing host 127.1 or 172.1.1.1 or 10.0.0.1
tshark.exe -i 4 -a duration:900 -S -f "tcp and host 127.1 or 172.1.1.1 or 10.0.0.1" -w trace.cap
:: rename the trace with todays timestamp
set tdtd=none
set ttrn=none
set arg="%1"
for /F "tokens=2-4 delims=/ " %%i in ('date /t') do set tdtd=%%i%%j%%k
for /F "tokens=5-8 delims=:. " %%i in ('echo.^| time ^| find "current" ') do set ttrn=%%i%%j%%k%%l
set tufn="trace_%tdtd%%ttrn%.cap"
:: now archive the file
copy trace.cap %tufn%
del trace.cap
echo %tufn% > trace.log
echo Trace file %tufn% saved at %CD%
ping localhost -n 30 >nul
djangofan
- 4,182
- 10
- 46
- 59
-
Since this answer is over 13 years old, is there now a way to save capture options, or is this still "the way"? – Hannah Vernon Aug 30 '23 at 19:57