Search the Community

Hello, to provide an easy to use starter to capture traffic on all NICs found, I can successfully get all the interfaces of TSHARK.EXE (the command line version that's automatically installed along with wireshark) with this script: #include <AutoItConstants.au3> #include <Array.au3> $TS_WD = "C:\Program Files\Wireshark" $TS_exe = $TS_WD & "\tshark.exe" if not FileExists($TS_exe) Then MsgBox(48,"Fatal Error","No Wireshark Commandline Tool ""TSHARK.EXE"" found:" & @CRLF & _ $TS_exe) Exit EndIf $DString = "" $PIDGetIFs = Run($TS_exe & " -D", $TS_WD, @SW_HIDE, $STDERR_MERGED) While ProcessExists($PIDGetIFs) $DString &= StdoutRead($PIDGetIFs) WEnd ; MsgBox(0,"IFs",$DString) $aNICs = StringSplit($DString, @CRLF, 1) _ArrayDisplay($aNICs) $RegExIF = "^(?:\d+\. )(\\.*?})(?: \()(.*?)(\))$" ; $1 = TSHARK Interface Name, $2 = Windows Interface Name ; ... get the names to run TSHARK with the appropriate interface string When I run TSHARK.EXE using this line directly, I see a continuously growing number telling the number of packets captured so far. "C:\Program Files\Wireshark\tshark.exe" -i \Device\NPF_{AEB931E9-E5FA-4DA5-8328-D87BDF53805C} -b duration:300 -b files:600 -w "y:\TShark-Ringbuffer\LAN-Verbindung\TSHARK-Com-0317_17---LAN-Verbindung___.pcap" Using this script, I *DO* see the first output line "Capturing on 'LAN-Verbindung'", but I cannot get hold of the continuously growing number of packets captured so far. #include <AutoItConstants.au3> $WD="C:\Program Files\Wireshark" $CMD='"C:\Program Files\Wireshark\tshark.exe" -i \Device\NPF_{AEB931E9-E5FA-4DA5-8328-D87BDF53805C} -b duration:300 -b files:600 -w "y:\TShark-Ringbuffer\LAN-Verbindung\TSHARK-Com-0317_17---LAN-Verbindung___.pcap"' ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $CMD = ' & $CMD & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console $PID=Run($CMD,$WD,@SW_SHOW,$stderr_merged) ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $PID = ' & $PID & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console $OutputAll="" While ProcessExists($PID) $output=StdoutRead($PID) $OutputAll&=$output ToolTip($OutputAll) if $output <> "" then ConsoleWrite("""" & $output & """" & @CRLF) Sleep(1000) WEnd ConsoleWrite("Process vanished" & @CRLF) This is the output of SciTE, when I let TSHARK.EXE run for a short while, the "close" it's "box" ... --> Press Ctrl+Alt+Break to Restart or Ctrl+Break to Stop @@ Debug(10) : $CMD = "C:\Program Files\Wireshark\tshark.exe" -i \Device\NPF_{AEB931E9-E5FA-4DA5-8328-D87BDF53805C} -b duration:300 -b files:600 -w "y:\TShark-Ringbuffer\LAN-Verbindung\TSHARK-Com-0317_17---LAN-Verbindung___.pcap" >Error code: 0 @@ Debug(13) : $PID = 10948 >Error code: 0 "Capturing on 'LAN-Verbindung' " Process vanished Howto catch the "growing-packet-number" TSHARK.EXE is writing continuously to the same "window position"??? Regards, Rudi.