Wireshark Captures with Dumpcap
One of the tricky things about troubleshooting with network protocol analysis is getting comfortable with unattended capture, that is, starting a capture at a specific time without someone at the keyboard. There are three ways to approach this with Wireshark:
- Write a script or macro that navigates the Wireshark GUI and starts/stops the capture.
- Use the tshark Wireshark utility together with a scheduling program.
- Use the dumpcap Wireshark tool together with a scheduling program.
The problem with the first option is that if anything on the screen is repositioned, the script will fail. There has always been quite a debate over tshark versus dumpcap. I can safely say that when performance is a concern, dumpcap is the clear winner.
This is where DumpcapUI from Douglas A. Dietz comes in. This portable utility allows you to configure some of the more common dumpcap features using a GUI interface and configure a task in your Microsoft Scheduler.
In this video, I show how to get started with DumpcapUI.
I strongly recommend testing your configuration before scheduling or going live with it, and using ring buffers for long-term capture. Also, use file size rather than time as your “Next file every” option. Unless you have a really good grasp of filtering and of what traffic to expect, you have no idea how much traffic you will capture within a given time frame, so time-based rotation gives you no control over file size or disk usage. Please see my previous video on large packet capture.
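The dumpcap invocation the advice above describes, as an added example that is not from the original post and not DumpcapUI's own code: a POSIX shell wrapper that builds a ring-buffer capture rotated by file size, checks the ring's worst-case disk footprint before it is scheduled, and produces a short bounded trial run for testing the interface and filter first. The interface name, output path, sizes and the cron line are constructed sample values; the dumpcap flags themselves (`-i`, `-w`, `-b filesize:`, `-b files:`, `-f`, `-a duration:`) are standard and identical on Windows, where the same command line can be placed in a Task Scheduler action.

```shell
#!/bin/sh
# Added example (not from the post or DumpcapUI): unattended dumpcap ring-buffer
# capture rotated by file size, plus a pre-flight disk check and a trial run.

# Print the dumpcap command for a ring-buffer capture.
#   $1 interface   $2 output file prefix (dumpcap appends a sequence number and timestamp)
#   $3 size of each file in kB   $4 number of files kept in the ring
#   $5 optional capture filter (BPF syntax)
dumpcap_ring_cmd() {
    iface=$1; out=$2; size_kb=$3; nfiles=$4; filter=${5:-}
    cmd="dumpcap -i $iface -w $out -b filesize:$size_kb -b files:$nfiles"
    if [ -n "$filter" ]; then
        cmd="$cmd -f '$filter'"
    fi
    printf '%s\n' "$cmd"
}

# Worst-case disk use of the ring in kB. With "-b files:N" dumpcap deletes the
# oldest file once N exist, so usage is bounded by N * filesize. Rotating by
# time instead gives no such bound, which is why the post recommends file size.
ring_disk_budget_kb() {
    echo $(( $1 * $2 ))
}

# Pre-flight check: succeed only if the ring fits in the free space available.
#   $1 file size in kB   $2 number of files   $3 free kB in the output directory
# Free space is passed in (e.g. from "df -k") so the check is testable offline.
ring_fits() {
    budget=$(ring_disk_budget_kb "$1" "$2")
    [ "$budget" -lt "$3" ]
}

# Trial run before scheduling: same interface and filter, but stop after $3
# seconds into a single file, to confirm the interface and filter are right
# and to see how much traffic actually arrives in that window.
#   $1 interface   $2 output file   $3 seconds   $4 optional capture filter
dumpcap_trial_cmd() {
    cmd="dumpcap -i $1 -w $2 -a duration:$3"
    if [ -n "${4:-}" ]; then
        cmd="$cmd -f '$4'"
    fi
    printf '%s\n' "$cmd"
}

# Constructed usage: a 20 x 100 MB ring on eth0 capturing only SIP signalling.
# A cron entry to start it unattended at 02:00 on 15 March would be:
#   0 2 15 3 * /usr/local/bin/ring_capture.sh run
# (On Windows, the printed command is what you would put in the scheduled task.)
if [ "${1:-}" = "run" ]; then
    free_kb=$(df -k /var/captures | awk 'NR==2 {print $4}')
    if ring_fits 102400 20 "$free_kb"; then
        eval "$(dumpcap_ring_cmd eth0 /var/captures/sip 102400 20 'port 5060')"
    else
        echo "ring of $(ring_disk_budget_kb 102400 20) kB does not fit in $free_kb kB free" >&2
        exit 1
    fi
fi
```

The trial command (`dumpcap_trial_cmd eth0 /tmp/sip-test 60 'port 5060'`) is meant to be run interactively first; if it produces an empty file or an error about the interface name, the scheduled job would have failed silently at 02:00, which is the situation the post warns about.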