Why dumpcap? Because it is lightweight and, more importantly, it has a CLI (command-line interface). With that, we can write Python, bash or similar scripts to automate our work.
In my case, I wanted to capture all the packets and dump them into separate files of 50 MB each, capturing continuously for a certain time period, e.g. 9:00 till 17:00 (whenever you want).
$ dumpcap -i 1 -b filesize:10 -w demo.pcapng
//The command above dumps all packets into separate files of 10 kB each, with file names based on demo.pcapng
P/S:
-i = interface you wish to capture from (you might want to run tshark with the -D option first to list the available interfaces)
Anyhow, if you get stuck, don't forget to read the user manual. Cheers!
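The 50 MB, 9:00 till 17:00 case described above can be scripted as follows. This is an added example, not part of the original post; the interface index, window times and output name are assumptions to adjust, and the script only starts dumpcap when called with the argument run.

```shell
#!/bin/sh
# Added example: rotating capture limited to a daily time window.
IFACE=1          # assumption: interface index as listed by `dumpcap -D`
START=09:00      # assumption: window start (HH:MM, local time)
END=17:00        # assumption: window end (HH:MM, local time)
FILE_KB=50000    # -b filesize is given in kB, so this is about 50 MB per file
OUT=demo.pcapng  # dumpcap appends a file number and timestamp to this name

# HH:MM -> seconds since midnight (leading zeros stripped so 08/09 parse)
to_secs() {
    h=${1%%:*}; m=${1##*:}
    h=${h#0}; m=${m#0}
    echo $(( ${h:-0} * 3600 + ${m:-0} * 60 ))
}

# plan NOW START END -> prints "<seconds to wait> <seconds to capture>"
plan() {
    now=$(to_secs "$1"); s=$(to_secs "$2"); e=$(to_secs "$3")
    if [ "$now" -ge "$e" ]; then
        echo "0 0"                          # window already over today
    elif [ "$now" -lt "$s" ]; then
        echo "$((s - now)) $((e - s))"      # wait for start, capture full window
    else
        echo "0 $((e - now))"               # started late, capture the remainder
    fi
}

if [ "${1:-}" = "run" ]; then
    # date +%H:%M drops the seconds, so the stop time can drift by up to a minute
    set -- $(plan "$(date +%H:%M)" "$START" "$END")
    if [ "$2" -le 0 ]; then
        echo "capture window is over for today" >&2
        exit 0
    fi
    sleep "$1"
    # -b filesize rotates the output file, -a duration stops the capture
    exec dumpcap -i "$IFACE" -b "filesize:$FILE_KB" -a "duration:$2" -w "$OUT"
fi
```

Started from cron or by hand before 9:00, it sleeps until the window opens; started inside the window, it captures only the remaining time.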