Wireshark Desktop Shortcut to Start Capturing (by Tony Fortunato)

While working on a problem, I wanted a compromise between the command prompt, where I can start capturing immediately, and the convenience of the GUI.

So here it is: a shortcut (Windows only) that immediately starts Wireshark and begins capturing when you open it.

The process is pretty simple:

  1. Open a command prompt and change to the Program Files\Wireshark directory. Type tshark -D and note which interface you want to capture from. In my case, I want to capture from my docking station, which shows up as "USB2.0 to Fast Ethernet Adapter". Highlight the \Device text for that interface so you can paste it in the next step.
    [Screenshot: command line]
  2. Either create a new Wireshark icon or copy an existing one. In the Target box of the shortcut's properties, add -i, paste the "\Device..." text, and then add -k, all to the right of Wireshark.exe. Make sure you put double quotes around the \Device info. You can also use the interface number shown to the left of the interface; for example, I could have used 7. The problem with the interface number is that if I install a new NIC driver, the numbers will get all out of whack, whereas the Device info will always remain the same.
    [Screenshot: shortcut properties window]
  3. Rename your icon to something more accurate.
    [Screenshot: renamed icon]

Now when I double-click this icon, Wireshark launches and starts capturing from my docking station's Ethernet port.
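The same three steps can be scripted. The PowerShell below is an added example, not part of the original post: it reads the tshark -D listing, picks the interface by its description, and writes a desktop shortcut with the -i "\Device..." -k arguments. The install path, the shortcut name and all variable names are assumptions; adjust them to your system.

```powershell
# Added example (not from the original post). Assumed values are marked.
$WiresharkDir = "$env:ProgramFiles\Wireshark"        # assumed default install path
$Match        = 'USB2.0 to Fast Ethernet Adapter'    # text that identifies the interface
$LinkName     = 'Wireshark - Docking Station'        # assumed shortcut name

$tshark    = Join-Path $WiresharkDir 'tshark.exe'
$wireshark = Join-Path $WiresharkDir 'Wireshark.exe'
if (-not (Test-Path $tshark)) { throw "tshark.exe not found in $WiresharkDir" }

# Step 1: list interfaces. Each line looks like: 7. \Device\NPF_{GUID} (description)
$ifaces = & $tshark -D | ForEach-Object {
    if ($_ -match '^(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$') {
        [pscustomobject]@{
            Number      = $Matches[1]
            Device      = $Matches[2]
            Description = $Matches[3]
            Line        = $_
        }
    }
}

# Require exactly one match so the shortcut never points at the wrong adapter.
$pattern = [regex]::Escape($Match)
$hit = @($ifaces | Where-Object { $_.Line -match $pattern })
if ($hit.Count -ne 1) {
    $ifaces | Format-Table Number, Device, Description -AutoSize | Out-String | Write-Host
    throw "Expected exactly one interface matching '$Match', found $($hit.Count)."
}

# Steps 2 and 3: create the named shortcut with -i "<device>" -k in the Target.
# The device string is used instead of the interface number because the
# numbers can change when a NIC driver is installed.
$lnkPath = Join-Path ([Environment]::GetFolderPath('Desktop')) "$LinkName.lnk"
$shell   = New-Object -ComObject WScript.Shell
$lnk     = $shell.CreateShortcut($lnkPath)
$lnk.TargetPath       = $wireshark
$lnk.Arguments        = '-i "{0}" -k' -f $hit[0].Device
$lnk.WorkingDirectory = $WiresharkDir
$lnk.Save()

Write-Host "Created $lnkPath"
Write-Host "Target: `"$wireshark`" $($lnk.Arguments)"
```

If the description matches none or more than one interface, the script prints the parsed interface table and stops without writing the shortcut.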

Enjoy

