Can You Run Wireshark As A Service
TShark as a Windows Service
Modified on: Wed, 22 Sep, 2021 at 4:42 PM
How to run TShark as a Windows Service.
What is TShark?
TShark is a terminal-oriented version of Wireshark designed for capturing and displaying packets.
Can TShark be run as a Windows Service?
The application can be run as a Windows Service using FireDaemon Pro, which allows you to have the application start automatically at boot prior to login, start multiple instances of the application and more. This HOWTO will show you how to set it up. You can also use Fusion to manage FireDaemon and other Windows services via a web browser.
How to set up TShark under FireDaemon Pro
1. Download the latest version of Wireshark from the official website.
2. Install the Wireshark application. By default it installs to C:\Program Files\Wireshark. Make sure to select the option to install TShark when prompted.
3. Create a directory where you want the capture logs to be stored. For this HOWTO we will use C:\TShark Output\.
4. Download and install FireDaemon Pro into the directory of your choice, typically C:\Program Files\FireDaemon.
5. Next start the FireDaemon GUI from the desktop shortcut. Click on the "Create a new service definition" button in the toolbar (or type Ctrl+N) and enter the information into the fields as you see below. Adjust the paths to suit your installation. Note the required parameters.
- Executable: The path to your tshark.exe file. For the purposes of this HOWTO, the path is C:\Program Files\Wireshark\tshark.exe.
- Working Directory: The directory containing your tshark.exe file. For the purposes of this HOWTO, the path is C:\Program Files\Wireshark
The most important field on the tab is the Parameters. The Parameters define the initial setup of your server.
Here's the full parameter list you should have:
-w "C:\TShark Output\File" -b duration:3600
- -w "C:\TShark Output\Capture" Saves the output to a file named "Capture" in "C:\TShark Output". You can change the path and file name to anything you want. The raw data in this file can only be analysed by opening it with TShark. If you create the log files in a directory and the directory does not exist, then the service will not start.
- -b duration:3600 Replace 3600 with the number of seconds to elapse before creating a new file. Be careful with this as you can end up with thousands of files. If you do not set this parameter then every time the service is started it will overwrite the log file.
- NOTE: If you want to change any other settings you can find more parameters here.
- If you want text output instead, then don't add any parameters. More info on how to configure this later in the HOWTO.
6. Now click on the Settings tab. If you DON'T want to see TShark running, uncheck the Interact with Desktop check box and select "Hidden" from the "Show Window" dropdown. You must set the job type to "Global" so that child processes are terminated properly when the service is stopped or restarted. You can optionally run TShark as the user you installed it as. You can change the Process Priority to allocate more CPU time to TShark or specify which CPU or core TShark will run on (in the case of multi-processor, hyperthreaded or multi-core CPUs).
7. Now click on the Lifecycle tab. Uncheck Graceful Shutdown as it can slow the shutdown of TShark.
8. If you want to use text output instead of raw output then click on the Logging tab. Choose a path to a log file.
9. Now click on the Scheduling tab. Set the restart schedule to Every 24 Hours. TShark has an issue where it exhausts all available memory; read more on the issue here. This means you will need to restart TShark on a regular basis. You may need to play with the restart frequency depending on the amount of memory the computer has and the amount of packets being captured. You need 10 times more memory than the total file capture size. So let's say the total file capture size is 500MB after 24 hours of use. This means 5GB of free RAM, so you will need to set the restart frequency faster (e.g. Every 12 hours).
10. Now click OK to finish setup and start TShark!
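The checks implied by steps 3, 5 and 9, as an added PowerShell example that is not part of the original HOWTO or of FireDaemon's tooling. It uses the HOWTO's default paths; the function name Get-MaxRestartHours and the assumption that capture size grows linearly over time are introduced here for illustration.

```powershell
# Added example: pre-flight check for the TShark service set up in this HOWTO.
$TsharkExe  = 'C:\Program Files\Wireshark\tshark.exe'   # HOWTO default path
$OutputDir  = 'C:\TShark Output'                        # HOWTO capture directory
$BaseName   = 'Capture'                                 # file name passed to -w
$RotateSecs = 3600                                      # value for -b duration:

function Get-MaxRestartHours {
    # HOWTO rule of thumb: free RAM must be at least 10x the capture size
    # accumulated since the last restart. Linear growth is an assumption.
    param(
        [Parameter(Mandatory)][double]$CaptureBytesPer24h,
        [Parameter(Mandatory)][double]$FreeRamBytes
    )
    $bytesPerHour = $CaptureBytesPer24h / 24
    [math]::Floor($FreeRamBytes / (10 * $bytesPerHour))
}

# The service has nothing to launch if TShark was not selected during install.
if (-not (Test-Path -LiteralPath $TsharkExe -PathType Leaf)) {
    throw "tshark.exe not found at '$TsharkExe'"
}

# The service will not start when the output directory is missing.
if (-not (Test-Path -LiteralPath $OutputDir -PathType Container)) {
    New-Item -ItemType Directory -Path $OutputDir | Out-Null
}

# Parameters string to paste into the FireDaemon Pro "Parameters" field.
$target = Join-Path $OutputDir $BaseName
"Parameters : -w `"$target`" -b duration:$RotateSecs"
"Files/day  : $([math]::Ceiling(86400 / $RotateSecs))"

# Measure what the last 24 hours produced and compare with free RAM.
$cutoff   = (Get-Date).AddHours(-24)
$bytes24h = (Get-ChildItem -LiteralPath $OutputDir -File |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    Measure-Object -Property Length -Sum).Sum
$freeRam  = (Get-CimInstance Win32_OperatingSystem).FreePhysicalMemory * 1KB

if ($bytes24h) {
    $hours = Get-MaxRestartHours -CaptureBytesPer24h $bytes24h -FreeRamBytes $freeRam
    "Captured in last 24h: {0:N0} MB, free RAM: {1:N0} MB" -f ($bytes24h / 1MB), ($freeRam / 1MB)
    "Restart the service at least every $([math]::Max(1, $hours)) hour(s)"
} else {
    "No capture files from the last 24 hours yet; rerun after a day of capture."
}
```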
Source: https://kb.firedaemon.com/support/solutions/articles/4000086619-tshark-as-a-windows-service
Posted by: johnsensterst.blogspot.com