This is a tshark command to output a live packet capture to a Windows txt file:

    tshark -i your_interface -V > your_path_to_text_file

This is a tshark command to output the Wireshark GUI column data of the pcap to the txt file:

    tshark -n -r path_of_pcap_file > path_of_txt_file

My expected Windows txt output:

    1 0.000000 164.124.33.78 -> 192.168.0.1 TCP 54 35165 > 80 [SYN] Seq=0 Win=16384 Len=0
    2 0.000001 38.198.26.9 -> 192.168.0.1 TCP 54 14378 > 80 [SYN] Seq=0 Win=16384 Len=0
    3 0.000003 132.212.36.201 -> 192.168.0.1 TCP 54 31944 > 80 [SYN] Seq=0 Win=16384 Len=0

First question: How do I know what is the interface to capture the packets live, and how to address that in a tshark command: as its IP address or its name?

Second question: I would like to capture the packet data live and generate the above txt output that I expect to a txt file, as in "combining the two tshark commands" stated above?
You can't specify an interface by IP address. If you run
You combine the two commands by taking the first command, removing
The description of the capture interface that I use to capture live packets on Windows is Intel(R)Gigabit network connection. When I ran tshark -D, it is something like this:

    DeviceNPF_{97DEDE1D-222F-4F9B-8A5C-C4BFF6C3904C} (Intel(R)Gigabit network connection)

I ran the command like this:

    tshark -i DeviceNPF_{97DEDE1D-222F-4F9B-8A5C-C4BFF6C3904C} (Intel(R)Gigabit network connection) -n > "C:\Users\L33604\Desktop\capture.txt"

Then the Windows cmd CLI threw the error message:

    Please check that DeviceNPF_{97DEDE1D-222F-4F9B-8A5C-C4BFF6C3904C} is the correct interface.

What is wrong here?
(23 Apr '12, 01:37)
misteryuku
You need to use the number associated with each interface, e.g. if tshark -D gives you this:
then use
(23 Apr '12, 04:39)
grahamb ♦
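
The interface-by-number approach from the comment above, as an added example that is not part of the original thread: it parses `tshark -D` output, selects the index by description, and builds the live-capture command whose output is redirected to a text file. The sample listing and its GUIDs are constructed, and the helper names are hypothetical.

```python
import re
import subprocess

# Constructed sample of `tshark -D` output on Windows (GUIDs are made up).
SAMPLE_TSHARK_D = r"""1. \Device\NPF_{11111111-2222-3333-4444-555555555555} (Example Wireless Adapter)
2. \Device\NPF_{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} (Example(R)Gigabit network connection)
"""

# "<number>. <device name> (<description>)"; the description is optional.
LINE_RE = re.compile(r"^(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_interfaces(listing):
    """Return [(index, device_name, description)] from `tshark -D` text."""
    found = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2), m.group(3) or ""))
    return found


def pick_index(interfaces, wanted):
    """Return the number of the one interface whose description contains `wanted`."""
    hits = [i for i in interfaces if wanted.lower() in i[2].lower()]
    if len(hits) != 1:
        raise ValueError(f"{len(hits)} interfaces match {wanted!r}")
    return hits[0][0]


def capture_argv(index):
    """Live capture on interface number `index`; -n disables name resolution."""
    return ["tshark", "-i", str(index), "-n"]


def run_capture(index, out_path):
    """Equivalent of `tshark -i <index> -n > out_path`; runs until interrupted."""
    with open(out_path, "w") as fh:
        subprocess.run(capture_argv(index), stdout=fh, check=True)


if __name__ == "__main__":
    # On a real host, replace SAMPLE_TSHARK_D with the output of `tshark -D`.
    idx = pick_index(parse_interfaces(SAMPLE_TSHARK_D), "gigabit")
    print(" ".join(capture_argv(idx)))
```

Passing the number avoids quoting the device name and its parenthesised description on the command line.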