How to capture Wireshark logs on scheduled backups via pre/post-commands

How to capture Wireshark logs on scheduled backups via pre/post-commands


  1. Download the free Wireshark utility from http://www.wireshark.org/download.html and install Wireshark on the device.
  2. Note the installation folder with the executable, e.g. C:\Program Files\Wireshark
  3. Create a pre-backup and post-backup commands as specified on the attached screenshot. Make sure to adjust the working folder to the one noted at step 2.



  • name of the interface for the "-i" parameter can be defined through "wireshark -D" command or by running Wireshark and noting the interface name in the GUI
  • "-a duration:60" is to ensure the capture stops after 60 seconds and doesn't continue in case the backup runs for longer. Specify a duration at which the backup usually fails in seconds (60 for 1 minute, 900 for 15 minutes and so on - the larger the value, the larger the log).
  • specify the target file name for capture in "-w" parameter, e.g. D:\capture.pcap 
  • "-k" is to start capture immediately
  • "-H" to hide the interface
  • taskkill /im "wireshark.exe" /F is to make sure the wireshark process is killed after the backup succeeds - to avoid spawning multiple unneeded processes.

4. Uncheck all Fail the backup if command execution fails and Don't start options

5. On a successful backup the pre-backup command will end with a failure, this is expected because we forcefully kill the process. On a failed backup the post-backup command will not start which means you will need to kill the wireshark.exe manually. This doesn't affect the capture file in any way.

6. Provide the collected capture to our support team.