2

Wireshark can easily capture hundreds of thousands of captures in under an hour. I'm wondering if it's possible to configure Wireshark to have WireShark save the capture after a certain amount of frames, and start a new capture after that, just to make sure it all remains within certain proportions.

Best way do do this I think is to start a new instance a few seconds before the save, which will make data overlap a bit, but this way you don't lose frames passed during the saving, and there's no alternative to my knowledge.

Improve this question

1 Answer 1

Reset to default
3

You can specify to use Multiple files during your capture options. From within those options you can define how many capture files you want and how large each file is. So you could say specify to have 20 files 20MB each. And when you're doing the capturing, Wireshark will do a round-robin of those 20 files and every time it hits 20MB, it'll go on to the next file.

Once you stop the capture you can take contiguous files and merge them chronologically too if you wish.

Depending on how much data you're doing, you might want to increase the buffer size a little too, to make sure you're not dropping any packets while capturing.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .