Setting up circular logging in Wireshark

We need to run Wireshark on a workstation all day, and set it up for circular logging.
How do I set up logging to overwrite the captures every 100 gig or so? I don't want to fill up the drive on the desktop.
When the error occurs we will stop the capture, but it is hard to say when that will occur during the day.
mlhcab777 Asked:

PaulOfford Commented:
The best way to do this is to use dumpcap rather than Wireshark.  As Wireshark runs it decodes packets and builds a structure in storage to contain protocol values.  The more you capture the bigger this structure grows and eventually it may run out of memory.

Dumpcap (part of the Wireshark suite) is a command line tool that just copies the packet from the NIC and writes it to disk.  A typical dumpcap command would be:

dumpcap -i <n> -b filesize:200000 -b files:5 -B 256 -w <path to capturefiles>\<fileprefix>

This command would produce a ring buffer of 5 files, each 200 MB in size.  The <n> must be replaced with the network interface index.  Simply type dumpcap -D to get the list of interface numbers.

There are full details of long-term capture in the Network Trace Capture Guide section of the TribeLab website.

PaulOfford Commented:
I forgot to mention a useful video that demonstrates long-term capture with dumpcap - https://youtu.be/WJM9wSR8PVM
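
Added example, not part of the original thread or of the Wireshark project: a Python helper that scales the ring buffer from the answer above to a disk budget of roughly 100 GB and, once the capture has been stopped, picks the ring files that cover the time of the error. It assumes dumpcap names ring files <prefix>_<sequence>_<YYYYMMDDhhmmss><extension>; the function names, interface index 3, output path and sample file names are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed ring-file naming: <prefix>_<5-digit sequence>_<YYYYMMDDhhmmss><ext>
RING_NAME = re.compile(r"^.+_(?P<seq>\d{5})_(?P<ts>\d{14})(\.\w+)?$")

def ring_args(interface, out_path, budget_mb, file_mb=200, buffer_mb=256):
    """Build a dumpcap argument list whose ring stays within budget_mb."""
    files = budget_mb // file_mb
    if files < 2:
        raise ValueError("budget must hold at least two ring files")
    # filesize uses the scale from the answer: 200000 corresponds to 200 MB
    return ["dumpcap", "-i", str(interface),
            "-b", f"filesize:{file_mb * 1000}", "-b", f"files:{files}",
            "-B", str(buffer_mb), "-w", out_path]

def parse_ring_name(name):
    """Return (start_time, sequence, name), or None for non-ring files."""
    m = RING_NAME.match(name)
    if m is None:
        return None
    return datetime.strptime(m["ts"], "%Y%m%d%H%M%S"), int(m["seq"]), name

def files_covering(names, start, end):
    """Ring files whose time span overlaps [start, end], oldest first.

    An empty result means the window is older than the oldest surviving
    file, i.e. the ring has already overwritten it.
    """
    ring = sorted(p for p in map(parse_ring_name, names) if p)
    hits = []
    for i, (began, _seq, name) in enumerate(ring):
        # A file spans from its own timestamp to the next file's timestamp;
        # the newest file is treated as still open.
        ended = ring[i + 1][0] if i + 1 < len(ring) else datetime.max
        if began <= end and ended >= start:
            hits.append(name)
    return hits

# Constructed directory listing (bare file names, not full paths)
SAMPLE = ["trace_00041_20240305101500.pcapng", "trace_00042_20240305104210.pcapng",
          "trace_00043_20240305111833.pcapng", "trace_00044_20240305115902.pcapng",
          "trace_00045_20240305123000.pcapng", "notes.txt"]

if __name__ == "__main__":
    print(" ".join(ring_args(3, r"C:\caps\trace.pcapng", budget_mb=100_000)))
    print(files_covering(SAMPLE, datetime(2024, 3, 5, 11, 58),
                         datetime(2024, 3, 5, 12, 0)))
```

Check that the capture drive has at least the budgeted space free before starting, since the ring only limits what dumpcap itself writes.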