raspberry-pi wireshark sniffing tshark

Send packet data from tshark to Wireshark


I want to run tshark on a Raspberry Pi after booting or for a defined period of time and save the captured packets into a file. This file should then be accessible from Wireshark on my Windows laptop. I want to do this because I want to capture packets for example when I am not at home and then can analyze the captured data when I am back home. Is that possible? How can I start capturing after booting or for a defined period of time into a file and then send it to Wireshark on my laptop?


Solution

  • tcpdump -s 0 -i eth0 -W 1 -w dump.pcap -G 3600 port ftp or http
    

    Will keep writing all matching packets to dump.pcap for 3600 seconds. You can then copy that file to your machine and load it normally with Wireshark's open dialog.

    You could also use dumpcap or even tshark if you want, but tcpdump is well suited for this.

    As for running on system startup, check out: Run automatically program on startup under linux ubuntu or just append your tcpdump line with an & at the end to /etc/rc.local.
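
An added example, not part of the answer above: a wrapper script that could be started from /etc/rc.local to run the answer's timed tcpdump capture with a fresh file name per boot. The `IFACE`, `DURATION`, `OUTDIR` and `FILTER` variables, their defaults and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: timed capture wrapper (hypothetical names and defaults).
IFACE="${IFACE:-eth0}"                 # capture interface (assumed)
DURATION="${DURATION:-3600}"           # seconds to capture
OUTDIR="${OUTDIR:-/var/tmp/captures}"  # assumed output directory
FILTER="${FILTER:-port ftp or http}"   # same filter as the answer

# Unique file name per run, so a reboot never overwrites an earlier capture.
pcap_path() {
    printf '%s/%s-%s.pcap\n' "$OUTDIR" "$(uname -n)" "$(date +%Y%m%d-%H%M%S)"
}

# Accept only a positive whole number of seconds with no leading zero.
valid_duration() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
        *) return 0 ;;
    esac
}

run_capture() {
    valid_duration "$DURATION" || { echo "bad DURATION: $DURATION" >&2; return 2; }
    # FTP and HTTP are cleartext, so the capture can contain credentials:
    # create the directory and file without group/other access.
    umask 077
    mkdir -p "$OUTDIR" || return 1
    out="$(pcap_path)"
    # -G with -W 1: write a single file for DURATION seconds, then exit 0.
    # tcpdump checks the timer when a packet arrives, so on a quiet link it
    # exits at the first matching packet after DURATION has passed.
    # $FILTER is unquoted on purpose so it splits into separate filter words.
    tcpdump -s 0 -i "$IFACE" -G "$DURATION" -W 1 -w "$out" $FILTER || return 1
    echo "$out"   # path to copy to the laptop and open in Wireshark
}

# Capture only when asked, e.g. in rc.local (script path is an assumption):
#   /usr/local/bin/timed-capture.sh run &
if [ "${1:-}" = "run" ]; then
    run_capture
fi
```
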