Fetch Sharkie, Fetch ... Good Boy (by Tony Fortunato)

Author Profile - Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts. Tony is an authorized and certified Fluke Networks and Wireshark Instructor. His Pine Mountain Group CNA Level I and II certification demonstrates his vendor neutral approach to network design, support and implementations. Tony has architected, installed and supported various types of Residential Wireless High Speed as well as hundreds of WIFI hotspots. Tony uses a variety of technologies from Powerline, Wireless and wired technologies to find the most cost-efficient and reliable solution for his customers. Tony combines custom programs, open source and commercial software to ensure a simple support infrastructure.


I was working on an issue and wanted to automatically capture some packets, but was getting annoyed having to check if the capture was done.

I wish Wireshark could magically fetch my packets and bring them to me, like a Golden Retriever bringing the morning paper. I guess I will settle for starting a capture with a specified filesize and automatically emailing the file to me, so here's what I did:

I figured out my tshark syntax for my capture. In this case, I wanted a 1 MB capture and called it 1MB.pcap:

tshark -i 3 -a filesize:1000 -w 1MB.pcap

I tested it on my PC first to ensure it worked as I hoped.

Then I found a command line email client, sendemail, allowing me to write a simple batch file to capture 1 MB and email the resulting file to me, which looked like this:

tshark -i 3 -a filesize:1000 -w 1MB.pcap

sendemail -f from@thetechfirm.com -t to@thetechfirm.com -m 1MB_TRACE -u 1MB_TRACE -s smtp.server.com -a 1MB.pcap

So now, I literally run my batch file manually, or scheduled, and wait for my file to arrive in my inbox.
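
The same two steps with a few checks around them, as an added example that is not the author's batch file: it mails only a capture that was actually written, puts a SHA-256 of the file in the message body, and asks sendemail for TLS because a packet capture can carry credentials and other sensitive traffic. The interface number, addresses and SMTP host are the placeholders from the post; the variable names are made up for this example, and -o tls=yes assumes a sendemail build with TLS support.

```batch
@echo off
setlocal
rem Added example: values below are the placeholders used in the post.
set "IFACE=3"
set "PCAP=1MB.pcap"
set "FROM=from@thetechfirm.com"
set "TO=to@thetechfirm.com"
set "SMTP=smtp.server.com"

rem Delete a stale file so an old capture is never mailed by mistake.
if exist "%PCAP%" del "%PCAP%"

rem Same capture as in the post: stop once the file reaches the size limit.
tshark -i %IFACE% -a filesize:1000 -w "%PCAP%"
if errorlevel 1 (
    echo tshark failed, nothing sent.
    exit /b 1
)
if not exist "%PCAP%" (
    echo %PCAP% was not written, nothing sent.
    exit /b 1
)

rem certutil prints a header line, then the hash, then a status line.
rem Skip the header and keep only the first remaining line (the hash).
set "HASH="
for /f "skip=1 delims=" %%H in ('certutil -hashfile "%PCAP%" SHA256') do (
    if not defined HASH set "HASH=%%H"
)

rem -o tls=yes asks sendemail to use TLS for the SMTP session.
sendemail -f %FROM% -t %TO% -u 1MB_TRACE -m "1MB_TRACE SHA256 %HASH%" -s %SMTP% -o tls=yes -a "%PCAP%"
if errorlevel 1 (
    echo sendemail failed, capture kept as %PCAP%.
    exit /b 1
)
endlocal
```

If the SMTP server requires authentication, sendemail takes the account with -xu and -xp; keep that password out of a batch file that other users can read.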

Good boy Sharkie...  Enjoy folks.
