Long-Term recordings with Wireshark
Recording network traffic via the Wireshark GUI results in a single big file, which is impractical for long-term captures. With the terminal program TShark.exe in the Wireshark program folder, you can start a customized recording instead.
The parameters have the following meaning:
| Parameter | Meaning |
|---|---|
| -a duration:<interval> | Defines the recording stop condition. In this example the maximum interval to record is 1 day (86400 sec.). |
| -b duration:<interval> | Defines the ring buffer file-switch condition. After the interval is exceeded, TShark switches to a new file. |
| -i <interface> | Interface number |
| -w <filepath> | Target file |
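A complete invocation using the parameters from the table, as an added example that is not part of the original page. The install path, output folder, interface number, one-hour file interval and free-space threshold are assumptions to adjust.

```powershell
# Added example: long-term capture with TShark, split into time-based files.
# All values in this block are assumptions, not taken from the original page.
$tshark    = Join-Path $env:ProgramFiles 'Wireshark\tshark.exe'  # default install path
$outDir    = 'C:\Captures'   # hypothetical target folder
$baseName  = 'longterm'      # hypothetical base file name
$interface = 1               # interface number as listed by "tshark.exe -D"
$totalSec  = 86400           # -a duration: stop the whole capture after 1 day
$perFile   = 3600            # -b duration: switch to a new file every hour
$minFreeGB = 20              # refuse to start below this much free disk space

if (-not (Test-Path $tshark)) { throw "tshark.exe not found at $tshark" }
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# A day of traffic can fill a disk, so check free space before starting.
$freeGB = [math]::Round((Get-Item $outDir).PSDrive.Free / 1GB, 1)
if ($freeGB -lt $minFreeGB) { throw "Only $freeGB GB free on the capture drive" }

# Show the interface list so the number used for -i can be verified.
& $tshark -D

# Start the capture. TShark appends a sequence number and a start timestamp
# to the base name, e.g. longterm_00001_<YYYYMMDDhhmmss>.pcapng.
# Optional: add -b files:<n> to keep only the newest n files on disk.
$target = Join-Path $outDir "$baseName.pcapng"
& $tshark -i $interface -a "duration:$totalSec" -b "duration:$perFile" -w $target
if ($LASTEXITCODE -ne 0) { throw "tshark exited with code $LASTEXITCODE" }

# List the files that were written, oldest first.
Get-ChildItem $outDir -Filter "${baseName}_*.pcapng" |
    Sort-Object Name |
    Select-Object Name, Length, LastWriteTime
```

Capture files contain the raw traffic of every host on the segment, so the output folder should be readable only by the accounts that need to analyze it.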
The resulting filenames look like this:
Study the help. There are some interesting possibilities.