RubyGuides
Share this post!

Wireshark: Auto-start capturing

Most of the time when you open wireshark you will want to start capturing right away. You can pass some flags to wireshark so it starts capturing as soon as it opens. The option for this is -k but you also need to choose and interface to capture from, in Linux you can see your interfaces with ifconfig or ip show addr (shortcut: ip a) and edit your menu entry or panel launcher like this:

wireshark

And with that you should be good to go. For windows interface names are a bit more involved, you can list them using wireshark -D, in my case it looks like this:

The part that you need has this format: DeviceNPF_{0F09D25E-33C7-493D-9CB9-8E9B3433439B}  
So now you can modify your shortcut:

"C:\Program FilesWiresharkwireshark.exe" -k -i "DeviceNPF_{0F09D25E-33C7-493D-9CB9-8E9B3433439B}"

Finally, remember that when you update wireshark the shortcut will be removed, so you may want to rename it to avoid this.