0

Does anyone have any idea on how to force dumpcap to create the directory before it writes in it? I am trying to capture packets for a year, and have a batch file that writes based on the year/month/day/hour, but unfortunately dumpcap doesn’t try and create the directory if it is not there. Any suggestions?

dumpcap -i 2 -b duration:3600 -P -w D:\pcaps\%year%\%month%\%day%\%HH24%\capture -q

Any help would be appreciated.

(I know I could create all the directories ahead of time, or run it every hour with at/schtasks and create the directory beforehand. Looking for another way.)

uid500

2 Answers

1

Additionally, I found another workaround (This will store the files by hour and I just have a schtask that runs it each hour):

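@echo off
REM %year%, %month% and %day% are not set in this script; they must already be defined when it runs.

REM Split %TIME% (HH:MM:SS.FF) into its fields.
For /f "tokens=1-4 delims=/:." %%a in ("%TIME%") do (
    SET HH24=%%a
    SET MI=%%b
    SET SS=%%c
    SET FF=%%d
)
REM %TIME% pads hours before 10 with a space; replace it with 0 so the path contains no space.
SET HH24=%HH24: =0%
REM dumpcap does not create missing directories, so create each level first.
mkdir d:\pcaps\%year%
mkdir d:\pcaps\%year%\%month%
mkdir d:\pcaps\%year%\%month%\%day%
mkdir d:\pcaps\%year%\%month%\%day%\%HH24%
REM Capture for one hour (-a duration:3600), switching to a new file every 100000 kB.
"c:\program files\wireshark"\dumpcap -i 2 -a duration:3600 -b filesize:100000 -P -w D:\pcaps\%year%\%month%\%day%\%HH24%\CORP.pcap -q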
uid500
0

Does anyone have any idea on how to force dumpcap to create the directory before it writes in it?

No, because there is no way to do that; dumpcap never calls any routines that create a directory for the capture file. The only way to force it to do so would be to change it to do so and recompile it.
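
An hourly wrapper along the lines of the workaround above, written in PowerShell as an added example (not code from either poster). The install path, interface index, output root and dumpcap options are the ones in the posts; `$MinFreeGB` and the free-space check are hypothetical additions for a capture meant to run for a year.

```powershell
# Added example: run once per hour from a scheduled task.
# Assumed values: paths and interface index as used in the posts above.
$Dumpcap   = 'C:\Program Files\Wireshark\dumpcap.exe'
$Root      = 'D:\pcaps'
$Interface = 2
$MinFreeGB = 20   # hypothetical threshold, adjust to the capture volume

# Custom format with the invariant culture gives zero-padded, locale-independent
# fields (unlike %DATE% / %TIME%), e.g. D:\pcaps\2024\03\07\09.
$now = Get-Date
$sub = $now.ToString('yyyy\\MM\\dd\\HH', [cultureinfo]::InvariantCulture)
$dir = Join-Path $Root $sub

if (-not (Test-Path -LiteralPath $Dumpcap -PathType Leaf)) {
    throw "dumpcap not found at $Dumpcap"
}

# dumpcap does not create missing directories. -Force creates every missing
# level in one call and does nothing if the directory already exists.
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Refuse to start when the capture volume is nearly full.
$drive = Get-PSDrive -Name (Split-Path -Qualifier $Root).TrimEnd(':')
if (($drive.Free / 1GB) -lt $MinFreeGB) {
    throw "Only $([math]::Round($drive.Free / 1GB, 1)) GB free on $($drive.Name):"
}

# Same options as the batch file: stop after 3600 s, new file every 100000 kB,
# pcap instead of pcapng (-P), quiet (-q).
$out = Join-Path $dir 'CORP.pcap'
& $Dumpcap -i $Interface -a duration:3600 -b filesize:100000 -P -w $out -q
if ($LASTEXITCODE -ne 0) {
    throw "dumpcap exited with code $LASTEXITCODE"
}
```

Throwing on a missing binary, a full disk or a non-zero exit code makes a failed run show up in the scheduled task's last-run result instead of leaving a silent gap in the capture.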