I have the script below scheduled on Windows 2003 R2 64-bit Standard Edition, with Wireshark version 1.4.4 and WinPcap 4.1.2. The first few times I ran it from the command line, it ran without any issues. I also ran it a few times from a Scheduled Task, and it ran without any issues. Now when I check it in the morning, it shows that it did run; however, when I look in the directory for the capture file, there are no files. So I ran the same command from the command line, and now I get the following error message:
Debug Console
wireshark: You cannot specify both a live capture and a capture file to be read.
Press any key to exit.
Script:
@echo off
set KC_cmd_log=E:\KC_Capture\KC_FTPS_cmd.log
if not exist %KC_cmd_log% echo "%date%" "%time%" "New log file created." > %KC_cmd_log%
if exist E:\KC_Capture\kc_. goto RUN_KCFTPs
goto SKIP_KCFTPS
:RUN_KCFTPS
echo "%date%" "%time%" "Running KC_Capture script." >> %KC_cmd_log%
"e:\program files\wireshark"wireshark -i \Device\NPF_{62323AB8-AAE0-4CDB-8846-D6972A6FE594} -k -a duration:180 -w e:\KC_Capture\KC_530am_%date:~4,2%%date:~7,2%%date:~10,4%%time:~0,2%%time:~3,2%
echo "%date%" "%time%" "UNZIP command returned with ERRORLEVEL %ERRORLEVEL%" >> %KC_cmd_log%
goto DONE
:SKIP_KCFTPS
echo "%date%" "%time%" "No Traffic to Capture - skipping KC_Capture script." >> %KC_cmd_log%
goto DONE
:DONE
set KC_cmd_log=
=========================================================================================================
If anyone out there would shed some light on what I’m doing wrong, I’d really appreciate it.
P.S. please focus on the wireshark command only and forget about the rest of the script.
Best Regards,
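
The post's -w argument is built from %time:~0,2%, which cmd.exe expands with a leading space for hours before 10 in the default US-English time format, so the unquoted file name splits into two arguments. The following is an added example, not part of the original post, that zero-pads the hour and quotes the path; the variable names hh, mm, stamp and outfile are assumptions, and the executable path is the post's install directory with a backslash assumed before the program name.

```bat
@echo off
setlocal
rem Added example, not from the original post.
rem Assumes the US-English %date% layout "Ddd MM/DD/YYYY" that the
rem post's substring offsets (~4,2 ~7,2 ~10,4) imply.

rem Before 10:00, %time% starts with a space, e.g. " 5:30:00.00".
set "hh=%time:~0,2%"
set "mm=%time:~3,2%"

rem Replace the leading space with a zero so the stamp has no blanks.
set "hh=%hh: =0%"
set "stamp=%date:~4,2%%date:~7,2%%date:~10,4%%hh%%mm%"

rem With the raw " 5" hour, the unquoted command line would end in
rem   -w e:\KC_Capture\KC_530am_MMDDYYYY 530
rem and the trailing "530" is parsed as a capture file to read,
rem which conflicts with the live capture started by -i and -k.
set "outfile=e:\KC_Capture\KC_530am_%stamp%"
echo Capture file: "%outfile%"

rem Same options as the post's command, with the -w value quoted.
"e:\program files\wireshark\wireshark" -i \Device\NPF_{62323AB8-AAE0-4CDB-8846-D6972A6FE594} -k -a duration:180 -w "%outfile%"
endlocal
```

Running the script with the wireshark line commented out prints the file name that would be used, which shows whether the timestamp contains a space at the scheduled hour.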