Howto:Wireshark - Autoremove remote interfaces: Difference between revisions
Revision as of 15:08, 3 December 2024
Applies To
This information applies to
- Wireshark v3.x.x and v4.x.x
More Information
If you add remote interfaces to Wireshark, they will be stored in your config, so they will persist on restarting the app.
Later, the previously added interfaces might no longer be reachable, because you may have disabled the RPCAP trace on the gateway or moved to a different network.
Opening up the settings can then take a long time, since Wireshark will wait for timeouts and display an error message for each stored interface.
It is possible to remove them manually, but if you are working with a lot of different devices it can be very tedious.
You can automatically remove those stored remote addresses by starting Wireshark with the script provided in this article.
Disclaimer
Those scripts are examples.
Use at your own risk.
We do not provide support for the scripts.
Script and Download
Apparently, the way remote hosts were stored changed with version 4.4.2.
Before version 4.4.2 those addresses were stored in the %appdata%\wireshark\recent_common file in a line beginning with "recent.remote_host".
From version 4.4.2 onward, remote hosts are now stored in a separate file: %appdata%\wireshark\remote_hosts.json.
So there are two versions of the script:
Version before 4.4.2
Download: Wireshark before 4.4.2
@echo OFF
REM ------ Settings definition ------
REM Path of the Wireshark binary (executed after removal of recent hosts. Default: "C:\Program Files\Wireshark\Wireshark.exe")
set binpath="C:\Program Files\Wireshark\Wireshark.exe"
REM Directory path for Wireshark user settings (Default: "%appdata%\wireshark")
set appdatadir=%appdata%\wireshark
REM Text contained in the lines to be removed
set filter=recent.remote_host
REM ------ Logic ------
REM goto skip_disabled
REM By uncommenting the previous line you can disable the cleanup procedure and just start Wireshark
Echo Cleanup old remote interfaces...
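REM Paths are quoted so that a profile path containing spaces does not break the commands
findstr /v "%filter%" "%appdatadir%\recent_common" > "%appdatadir%\recent_common_"
copy /Y "%appdatadir%\recent_common_" "%appdatadir%\recent_common" > Nul
del "%appdatadir%\recent_common_"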
Echo Cleanup complete starting Wireshark...
start /B "" %binpath%
exit
:skip_disabled
Echo Cleanup disabled...
start /B "" %binpath%
exit
Version after 4.4.2
Download: Wireshark after 4.4.2
@echo OFF
REM ------ Settings definition ------
REM Path of the Wireshark binary (executed after removal of recent hosts. Default: "C:\Program Files\Wireshark\Wireshark.exe")
set binpath="C:\Program Files\Wireshark\Wireshark.exe"
REM Directory path for Wireshark user settings (Default: "%appdata%\wireshark")
set appdatadir=%appdata%\wireshark
REM Name of the file that stores the remote hosts
set file=remote_hosts.json
REM ------ Logic ------
REM goto skip_disabled
REM By uncommenting the previous line you can disable the cleanup procedure and just start Wireshark
Echo Cleanup old remote interfaces...
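REM Only delete the file if it exists; the path is quoted in case it contains spaces
if exist "%appdatadir%\%file%" del "%appdatadir%\%file%"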
Echo Cleanup complete starting Wireshark...
start /B "" %binpath%
exit
:skip_disabled
Echo Cleanup disabled...
start /B "" %binpath%
exit
Usage
By executing the script, the stored remote hosts will be removed and Wireshark will be started.
You no longer need to clean up those addresses by yourself or wait for the timeouts and click away the error messages.
You could create a shortcut for the batch file and place it on the desktop or attach it to the taskbar.
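A variant of the two scripts above as a single PowerShell launcher, added here as an example and not one of the article's downloads: it handles both storage locations and keeps a timestamped backup of whatever it changes. The function name Remove-StoredRemoteHosts, the .bak naming, the running-instance check and the UTF-8 encoding of recent_common are assumptions of this example.

```powershell
# Added example (not from the article). Paths are the defaults named in the article.
$BinPath    = 'C:\Program Files\Wireshark\Wireshark.exe'
$AppDataDir = Join-Path $env:APPDATA 'wireshark'

function Remove-StoredRemoteHosts {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Dir)

    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $changed = @()

    # 4.4.2 and later: remote hosts are kept in remote_hosts.json.
    # Renaming instead of deleting leaves a copy that can be restored.
    $json = Join-Path $Dir 'remote_hosts.json'
    if (Test-Path -LiteralPath $json) {
        Move-Item -LiteralPath $json -Destination "$json.$stamp.bak"
        $changed += $json
    }

    # Before 4.4.2: drop lines beginning with "recent.remote_host" from recent_common.
    $recent = Join-Path $Dir 'recent_common'
    if (Test-Path -LiteralPath $recent) {
        $lines = @([System.IO.File]::ReadAllLines($recent))
        $kept  = @($lines | Where-Object {
            -not $_.StartsWith('recent.remote_host', [System.StringComparison]::Ordinal)
        })
        if ($kept.Count -ne $lines.Count) {
            Copy-Item -LiteralPath $recent -Destination "$recent.$stamp.bak"
            # Assumption: the file is UTF-8; write it back without a byte order mark.
            $utf8 = New-Object System.Text.UTF8Encoding $false
            [System.IO.File]::WriteAllLines($recent, [string[]]$kept, $utf8)
            $changed += $recent
        }
    }
    return $changed
}

# Assumption: a running Wireshark may write its settings back on exit,
# so the cleanup is skipped while an instance is open.
if (Get-Process -Name 'Wireshark' -ErrorAction SilentlyContinue) {
    Write-Warning 'Wireshark is already running; cleanup skipped.'
} else {
    $changed = @(Remove-StoredRemoteHosts -Dir $AppDataDir)
    Write-Host ("Cleaned {0} file(s): {1}" -f $changed.Count, ($changed -join ', '))
}
Start-Process -FilePath $BinPath
```

The backups accumulate in the Wireshark settings directory and can be deleted once the cleanup has proven harmless.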