Showing posts from February 23, 2014

Wireshark continuous capture on Windows - dumpcap

I've noticed that Wireshark's memory utilization increases when we use the GUI, and it eventually crashes when we use it for continuous capture. It is therefore better to use the dumpcap utility, which comes with Wireshark.

First, find the interface using dumpcap -D:

    C:\Program Files (x86)\Wireshark>dumpcap.exe -D
    1. \Device\NPF_{0A4C8668-EAC9-457F-9337-3C4EFCD43AAF} (Ethernet)
    2. \Device\NPF_{1F2A8923-0CAD-4160-BBD7-EB11D6B45883} (VirtualBox Host-Only Network)
    3. \Device\NPF_{1BB23144-4E34-42D9-92AB-C939B21119A3} (WiFi 2)
    4. \Device\NPF_{3C5A536B-5BF8-42AA-A139-32FB360DA95C} (WiFi)
    5. \Device\NPF_{A8EF2C83-9A49-4A9E-96E4-2128784ABD6B} (VMware Network Adapter VMnet1)
    6. \Device\NPF_{EDB4678A-A120-47A1-A5BF-950A6F1DFA0E} (Local Area Connection 2)
    7. \Device\NPF_{F33132F7-A8F9-4E2D-8D35-32A9F662C1C8} (VMware Network Adapter VMnet8)

Then start the capture. We can define the parameters that rotate the file (e.g. duration, bytes):

    Output (files):
    -w name of file to sav
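
As an added example (not part of the original post), this PowerShell script looks up the interface index from the `dumpcap -D` listing and starts a rotating capture with a bounded ring buffer, so a long-running capture cannot fill the disk. The interface name, output folder and rotation limits are assumed sample values; the `-i`, `-w` and `-b duration:/filesize:/files:` options are dumpcap's own.

```powershell
# Added example: interface name, output folder and limits are assumed sample values.
$Dumpcap   = 'C:\Program Files (x86)\Wireshark\dumpcap.exe'  # install path shown in the post
$IfaceName = 'Ethernet'      # friendly name as printed in parentheses by dumpcap -D
$OutDir    = 'C:\captures'   # assumed output folder
$RotateSec = 3600            # switch to a new file after this many seconds
$RotateKB  = 102400          # ...or once the current file reaches this size (value is in kB)
$KeepFiles = 48              # ring buffer: the oldest file is replaced after this many files

if (-not (Test-Path $Dumpcap)) { throw "dumpcap not found at $Dumpcap" }
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# dumpcap -D prints lines such as:  1. \Device\NPF_{GUID} (Ethernet)
# stderr is merged in case the installed build writes the list there.
$index = & $Dumpcap -D 2>&1 | ForEach-Object {
    $line = "$_"
    if ($line -match '^(\d+)\.\s+\S+\s+\((.+)\)\s*$' -and $Matches[2] -eq $IfaceName) {
        $Matches[1]
    }
} | Select-Object -First 1

if (-not $index) {
    throw "No capture interface named '$IfaceName' found in dumpcap -D output"
}

# With -b set, dumpcap appends a sequence number and timestamp to the base name,
# e.g. capture_00001_20140223120000.pcapng
$dumpcapArgs = @(
    '-i', $index,
    '-w', (Join-Path $OutDir 'capture.pcapng'),
    '-b', "duration:$RotateSec",
    '-b', "filesize:$RotateKB",
    '-b', "files:$KeepFiles"
)

Write-Host "Capturing on interface $index ($IfaceName); press Ctrl+C to stop"
& $Dumpcap @dumpcapArgs
```

With these sample limits the capture folder holds at most 48 files of roughly 100 MB each, so size the retention window to the disk available and to how far back an investigation needs to reach.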