Book Image

Wireshark Essentials

Book Image

Wireshark Essentials

Overview of this book

Table of Contents (15 chapters)
Wireshark Essentials
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Index

Capturing traffic with Dumpcap


The dumpcap.exe file is the executable that Wireshark actually runs under the covers to capture packets and save them to a trace file in libpcap format. You can run Dumpcap on the command line to circumvent using the Wireshark GUI and use fewer resources. A list of command-line options is available by typing dumpcap.exe -h.

Some of the most useful options are as follows:

  • -D: This prints a list of available interfaces and exits

  • -i <interface>: This specifies a name or index number of an interface to capture on

  • -f <capture filter>: This applies a capture filter in the Berkeley Packet Filter (BPF) syntax

  • -b filesize: This is the file size

  • -w <outfile>: This is the name of the file where the files will be saved

An example of viewing a list of interfaces and then running Dumpcap to capture a specific interface with an IP address capture filter (note the use of quotes around the filter syntax) configured to use a three-file ring buffer with file...