Start capturing wireshark packets manually


#1

Hi,

I am working on an assignment wherein I need to write TCL scripts to capture Wireshark packets on Windows XP.
To start the Wireshark capture, one needs to open wireshark.exe and then go to Capture -> Interfaces -> Start.

Before writing the script, I tried running it manually. Below are the steps I followed:

  1. Open a command prompt from Start -> Run and type cmd.
  2. Go to the path where the Wireshark executable is stored (example: c:\program files\wireshark).
  3. Run wireshark.exe -i 192.168.1.2

The Wireshark application opens, but it does not start capturing packets.

I think one needs to do something from the Wireshark application and not from MS-DOS. Can anyone tell me how to start a Wireshark capture from MS-DOS?

Can anyone also suggest some other way to start capturing Wireshark packets without doing it manually?

Thanks,
saket


#2

Look at:
http://www.wireshark.org/docs/man-pages/wireshark.html
http://www.wireshark.org/docs/man-pages/tshark.html (if you do not need the graphical interface)

The -i option does not expect an IP address.
It expects something like:

  1. \Device\NPF_{09D21D4E-6818-4F87-9088-636CE2D9666C} (MS Tunnel Interface Driver)
  2. \Device\NPF_{E691C142-E549-49F1-BA9B-6ECFCFBA7E83} (Microsoft)

You can get the list using tshark.exe -D (tried with wireshark.exe, no result).

You also need the -k option to start the capture.
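The answer above gives the two pieces needed to script a capture: list the interfaces with `tshark.exe -D`, then launch Wireshark with `-i <device> -k` (or tshark with `-i <device>`, which starts capturing as soon as it runs). The following is an added example, not code from the thread or from the Wireshark project, written in Python rather than the Tcl the original poster was assigned because the parsing and command-building logic is the same in any language. The `tshark -D` output embedded below is constructed in the format quoted in the thread, and the device GUIDs in it are made up; `run_tshark_d` and `start_capture` assume tshark.exe/wireshark.exe are on the PATH or that you pass their full path.

```python
import re
import subprocess

# Constructed sample of `tshark -D` output on Windows, in the format quoted in
# the thread above. The GUIDs are invented, not real devices.
SAMPLE_TSHARK_D = r"""
1. \Device\NPF_{00000000-1111-2222-3333-444444444444} (MS Tunnel Interface Driver)
2. \Device\NPF_{55555555-6666-7777-8888-999999999999} (Local Area Connection)
"""

# One line of `tshark -D`: "<index>. <device> (<description>)"
LINE_RE = re.compile(r"^\s*(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_interfaces(text):
    """Parse `tshark -D` output into a list of (index, device, description)."""
    interfaces = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not an interface entry
        idx, device, desc = m.groups()
        interfaces.append((int(idx), device, desc or ""))
    return interfaces


def pick_interface(interfaces, needle):
    """Return the \\Device\\NPF_{...} name whose description contains `needle`
    (case-insensitive). This is what -i actually expects, not an IP address."""
    for _idx, device, desc in interfaces:
        if needle.lower() in desc.lower():
            return device
    raise LookupError("no interface whose description contains %r" % needle)


def build_capture_command(device, outfile=None, duration=None, gui=True, exe=None):
    """Build the argv that starts capturing immediately.

    wireshark.exe needs -k to begin capturing on launch; tshark.exe starts as
    soon as it runs, so -k is not passed to it. -w writes the capture to a file
    and -a duration:N stops automatically after N seconds (both are documented
    options of the two tools).
    """
    if gui:
        argv = [exe or "wireshark.exe", "-i", device, "-k"]
    else:
        argv = [exe or "tshark.exe", "-i", device]
    if outfile:
        argv += ["-w", outfile]
    if duration is not None:
        argv += ["-a", "duration:%d" % duration]
    return argv


def run_tshark_d(tshark="tshark.exe"):
    """Run `tshark -D` and return its stdout (assumes tshark is installed)."""
    result = subprocess.run([tshark, "-D"], capture_output=True, text=True, check=True)
    return result.stdout


def start_capture(argv):
    """Launch the capture without waiting for it; returns the Popen handle."""
    return subprocess.Popen(argv)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in run_tshark_d()
    # on a machine with Wireshark installed.
    ifaces = parse_interfaces(SAMPLE_TSHARK_D)
    for idx, dev, desc in ifaces:
        print(idx, dev, desc)
    dev = pick_interface(ifaces, "Local Area")
    print(" ".join(build_capture_command(dev, outfile="capture.pcap", duration=60)))
```

Capturing requires the WinPcap driver and, on XP, an account allowed to open the NPF device, so a script that runs this under a service or scheduled task should check the exit status of `tshark -D` rather than assume the interface list is non-empty. Writing with `-w` and bounding the run with `-a duration:N` keeps an unattended capture from filling the disk.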


#3

Thanks wsgd!! This works and I was able to get the output :)